MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 09cd4a62de298bd73aec80b31ae63761f7aa16d9b60cc1a627527f706b5f43c8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 09cd4a62de298bd73aec80b31ae63761f7aa16d9b60cc1a627527f706b5f43c8
SHA3-384 hash: c0908e4544f971bea670c15e608f7445ae8b2a3d63f23b4f62c9c484c2887ad3df81b72743fdbbc206b2cd07a3b96464
SHA1 hash: 80599248174e40e66f985dc850f9823d847d8763
MD5 hash: c2ad412f248d553444ed70c799bdae58
humanhash: five-freddie-freddie-sierra
File name:Catalogue RMK trading LTD_6682_PDF.iso
Download: download sample
Signature AgentTesla
Create hunting rule
File size:667'648 bytes
First seen:2020-07-16 06:26:04 UTC
Last seen:Never
File type: iso
MIME type:application/x-iso9660-image
ssdeep 12288:x1o2k4zU04yTPhlaeVbDTzLsXPDq1GE09mTHM2CnnJzWxikmzofLO2Eh:/P9ThAeZDTmPDqGj6H6J
TLSH B3E49DC83510759EC44ECD768964DC70A6102C62F7FBD207A3CB6E9F7A3D697CA052A2
Reporter abuse_ch
Tags:AgentTesla iso


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: llsc494-a17.servidoresdns.net
Sending IP: 82.223.190.47
From: RMK Trading Ltd <revesnor@revesnor.com>
Reply-To: c.eomirou@rmk.es
Subject: INQUIRY
Attachment: Catalogue RMK trading LTD_6682_PDF.iso (contains "Catalogue RMK trading LTD_6682_PDF.exe")

AgentTesla SMTP exfil server:
smtp.yandex.ru:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
62
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.CAP_HookExKeylogger.19310.9601.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/09cd4a62de298bd73aec80b31ae63761f7aa16d9b60cc1a627527f706b5f43c8/
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-07-16 06:27:08 UTC
AV detection:
18 of 48 (37.50%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=bhguuyw6fgf5ooxmqczrvzrxmh32ufwzwygmdjrhkj7xa227ipea._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

iso 09cd4a62de298bd73aec80b31ae63761f7aa16d9b60cc1a627527f706b5f43c8

(this sample)

AgentTesla

Executable exe 0fcdf988e2477495e8fa6b8b307118106ee71d8a6ba4e22159da160f0c3f44de

  
Dropping
MD5 a1311684ba4c89ff7c84a7ee02ef9dbd
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 0fcdf988e2477495e8fa6b8b307118106ee71d8a6ba4e22159da160f0c3f44de

Comments