MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0c2ba255487bd56ef6ad5e5df649d6e1122a18c935e6b4384fde173c79e2f61d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: AgentTesla
Vendor detections: 3

SHA256 hash: 0c2ba255487bd56ef6ad5e5df649d6e1122a18c935e6b4384fde173c79e2f61d
SHA3-384 hash: 30a91953ec9e4dbdf2821dca8a9afd35e31db95ee782b65a55dda41e7e57f42bd9b7bcfc5d33cf892d2b6b4d52230d76
SHA1 hash: ed0c87645edd774a26aef1b72f13c0566e4eabfb
MD5 hash: aadb61f9ec956442abf307b39b211dda
humanhash: hamper-spaghetti-queen-skylark
File name: RQ.img
Signature: AgentTesla
File size: 581,632 bytes
First seen: 2020-06-10 09:59:51 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 12288:uHGLdyTmpcYyeRLpSserO/Wpp5hvsBkebyy:u+0CpTyeRLphDWpd
TLSH: 4CC4BE8C7640B2DFC86BC87689A81C24AB61A1775327D247745B12ED9B0E7DBCF042E7
Reporter: abuse_ch
Tags: AgentTesla, Chase, geo, img, USA


abuse_ch
Malspam distributing AgentTesla:

HELO: koreaunicom.co.kr
Sending IP: 45.153.242.229
From: Chase <globals@koreaunicom.co.kr>
Subject: RE: Request for Quotation - New Client Contact
Attachment: RQ.img (contains "RE.exe")

AgentTesla SMTP exfil server:
mitendiorigin.cf:587
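
The attachment is an ISO 9660 image (MIME type application/x-iso9660-image) wrapping a single executable, so the first triage step is to look inside the container without mounting it. The Python below is an added example and is not code from MalwareBazaar or from the reporter: it builds a constructed, minimal ISO 9660 image standing in for RQ.img (the embedded file is a dummy MZ/PE stub under the ISO level-1 identifier RE.EXE;1, an assumed spelling since the page only gives "RE.exe"), parses the primary volume descriptor and root directory records by hand, extracts the embedded file, checks for a PE header and records its SHA256. It handles plain ISO 9660 identifiers only; Joliet and Rock Ridge name extensions are ignored.

```python
import hashlib
import struct

SECTOR = 2048  # ISO 9660 logical sector size


def _both_endian32(value):
    # ISO 9660 stores multi-byte integers twice: little-endian, then big-endian.
    return struct.pack("<I", value) + struct.pack(">I", value)


def _both_endian16(value):
    return struct.pack("<H", value) + struct.pack(">H", value)


def _dir_record(name, extent, length, flags):
    """Build one ISO 9660 directory record (ECMA-119, section 9.1)."""
    body = (
        b"\x00"                    # extended attribute record length
        + _both_endian32(extent)   # location of extent (sector number)
        + _both_endian32(length)   # data length in bytes
        + bytes(7)                 # recording date/time, zeroed in this test image
        + bytes([flags])           # file flags: 0x02 marks a directory
        + b"\x00\x00"              # file unit size, interleave gap size
        + _both_endian16(1)        # volume sequence number
        + bytes([len(name)])       # length of file identifier
        + name
    )
    if len(name) % 2 == 0:
        body += b"\x00"            # padding byte keeps the record length even
    return bytes([len(body) + 1]) + body


def build_test_image(payload_name, payload):
    """Constructed minimal ISO 9660 image standing in for RQ.img: PVD at sector 16,
    set terminator at 17, root directory at 18, file data from sector 19."""
    root_sector, data_sector = 18, 19
    data_sectors = -(-len(payload) // SECTOR)            # ceiling division
    root_dir = (
        _dir_record(b"\x00", root_sector, SECTOR, 0x02)    # "." entry
        + _dir_record(b"\x01", root_sector, SECTOR, 0x02)  # ".." entry
        + _dir_record(payload_name, data_sector, len(payload), 0x00)
    ).ljust(SECTOR, b"\x00")
    pvd = bytearray(SECTOR)
    pvd[0:7] = b"\x01CD001\x01"                          # type 1, magic, version
    pvd[40:72] = b"RQ".ljust(32)                         # volume identifier
    pvd[80:88] = _both_endian32(data_sector + data_sectors)  # volume space size
    pvd[120:124] = _both_endian16(1)                     # volume set size
    pvd[124:128] = _both_endian16(1)                     # volume sequence number
    pvd[128:132] = _both_endian16(SECTOR)                # logical block size
    pvd[156:190] = _dir_record(b"\x00", root_sector, SECTOR, 0x02)  # root record
    terminator = bytearray(SECTOR)
    terminator[0:7] = b"\xffCD001\x01"
    return (bytes(16 * SECTOR) + bytes(pvd) + bytes(terminator)
            + root_dir + payload.ljust(data_sectors * SECTOR, b"\x00"))


def is_iso9660(image):
    pvd = image[16 * SECTOR:17 * SECTOR]
    return len(pvd) == SECTOR and pvd[0] == 1 and pvd[1:6] == b"CD001"


def list_iso_root(image):
    """Walk the root directory of an ISO 9660 image.
    Returns {identifier: (extent_sector, length, is_dir)}."""
    if not is_iso9660(image):
        raise ValueError("no ISO 9660 primary volume descriptor at sector 16")
    pvd = image[16 * SECTOR:17 * SECTOR]
    block = struct.unpack_from("<H", pvd, 128)[0]
    if block != SECTOR:
        raise ValueError(f"unsupported logical block size {block}")
    root = pvd[156:190]
    root_extent = struct.unpack_from("<I", root, 2)[0]
    root_len = struct.unpack_from("<I", root, 10)[0]
    directory = image[root_extent * SECTOR:root_extent * SECTOR + root_len]
    entries, pos = {}, 0
    while pos < len(directory):
        rec_len = directory[pos]
        if rec_len == 0:
            # Records never straddle sectors: a zero byte means the rest of the sector is padding.
            pos = (pos // SECTOR + 1) * SECTOR
            continue
        rec = directory[pos:pos + rec_len]
        extent = struct.unpack_from("<I", rec, 2)[0]
        length = struct.unpack_from("<I", rec, 10)[0]
        is_dir = bool(rec[25] & 0x02)
        ident = rec[33:33 + rec[32]]
        if ident not in (b"\x00", b"\x01"):  # skip "." and ".."
            entries[ident.decode("ascii", "replace")] = (extent, length, is_dir)
        pos += rec_len
    return entries


def extract_file(image, ident):
    extent, length, is_dir = list_iso_root(image)[ident]
    if is_dir:
        raise IsADirectoryError(ident)
    return image[extent * SECTOR:extent * SECTOR + length]


def triage_payload(data):
    """Minimal triage of the extracted file: PE magic check, size and SHA256."""
    return {"is_pe": data[:2] == b"MZ", "size": len(data),
            "sha256": hashlib.sha256(data).hexdigest()}


if __name__ == "__main__":
    # Constructed stand-in for RE.exe: an MZ/PE header stub, not real malware.
    fake_pe = b"MZ" + bytes(62) + b"PE\x00\x00" + bytes(100)
    image = build_test_image(b"RE.EXE;1", fake_pe)
    for ident, (extent, length, is_dir) in list_iso_root(image).items():
        print(f"{ident:<16} sector={extent} bytes={length} dir={is_dir}")
    print(triage_payload(extract_file(image, "RE.EXE;1")))
```

Walking the directory records directly is preferable to mounting an attacker-supplied image on an analyst workstation. The same convenience is what makes the lure work against end users: Windows 8 and later mount .img/.iso files in Explorer on double-click and present RE.exe to the user as an ordinary file.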

Intelligence

File Origin
# of uploads: 1
# of downloads: 62
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Backdoor.NanoCore
Status: Malicious
First seen: 2020-06-10 10:01:07 UTC
AV detection: 14 of 29 (48.28%)
Threat level: 5/5

Note that the vendor's family label (NanoCore) differs from the MalwareBazaar signature and reporter tag (AgentTesla). Both are .NET-based families, so treat the attribution as tentative until it is confirmed from the unpacked payload's configuration; for AgentTesla that is the SMTP exfiltration configuration, which is what the reporter's mitendiorigin.cf:587 note refers to.

File information

The information below gives additional context for this malware sample, such as its delivery method and relationships to other samples.

Delivery method: Malspam (distributed via e-mail attachment)
Signature: AgentTesla

Relationship tree:
img 0c2ba255487bd56ef6ad5e5df649d6e1122a18c935e6b4384fde173c79e2f61d (this sample)
    dropping: AgentTesla
