MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 04411a4151883c40afdc0fda7e52889804c8bcdaed2f7c4933ca1c698ad85c61. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 04411a4151883c40afdc0fda7e52889804c8bcdaed2f7c4933ca1c698ad85c61
SHA3-384 hash: eab02be813fdbf3d2e713aface6f674e8412ff877b23715f4ea6c2dd5d25234fa9b39c666b3d07378262c8fc7e1d99e4
SHA1 hash: 3b8748e1ed52ca4bdfc6ebb34a460887b0225122
MD5 hash: 41dacf06fb3abbfb1055cfc85a411afd
humanhash: robin-nevada-high-twenty
File name:IMG_SCAN_COPY_PEDIDO N 16.img
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'341'440 bytes
First seen:2020-08-05 12:16:31 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 24576:IaJkLQsH571kzgT+LpwkpwrxaiZetQuLLDD7S2IGhhmlyb:AQsdegT+LpDpociZ8Jn7S2nHey
TLSH E255D0613984DF9DC82E0F3038236810DBE1AD560A52F64FBC9A79FC57F664A4E2634D
Reporter abuse_ch
Tags:AgentTesla img


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: llsa736-a17.servidoresdns.net
Sending IP: 82.223.190.27
From: Administración Juan Suarez Carrocerias <oficina@ribawood.com>
Subject: PEDIDO Nº 16 FIRMADO
Attachment: IMG_SCAN_COPY_PEDIDO N 16.img (contains "IMG_SCAN_COPY_PEDIDO Nº 16.exe")

AgentTesla SMTP exfil server:
mail.dunyaeko.tk:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
60
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.CIL.HeapOverride.Heur.10544.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/04411a4151883c40afdc0fda7e52889804c8bcdaed2f7c4933ca1c698ad85c61/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-08-05 12:18:07 UTC
AV detection:
13 of 29 (44.83%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=araruqkrra6ebl64b7nh4uuitacmrpg25uxxysjtziogtcwylrqq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/04411a4151883c40afdc0fda7e52889804c8bcdaed2f7c4933ca1c698ad85c61

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

img 04411a4151883c40afdc0fda7e52889804c8bcdaed2f7c4933ca1c698ad85c61

(this sample)

AgentTesla

Executable exe 717a2c93f4d96e5c677070c4330de81f44e8f16d012c45f4009c073442cdc019

  
Dropping
MD5 da680ce2b891ab86adcd86853be5bec8
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 717a2c93f4d96e5c677070c4330de81f44e8f16d012c45f4009c073442cdc019

Comments