MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 12dad5ac22b67b339da8b380d48e8f570bc2ab68b7676d13ae68256cc53340df. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 3



SHA256 hash: 12dad5ac22b67b339da8b380d48e8f570bc2ab68b7676d13ae68256cc53340df
SHA3-384 hash: 750b49c8685eac754074676ad31e03259add16a208f7d408f0c1ce833de9263de527543a614bacd186021a7278dadd8f
SHA1 hash: 6ff8e64defbd8b23785cd84cab32810ed3dbd3f6
MD5 hash: 8706a67b47f883bf71b759c11d6c17e0
humanhash: july-mars-one-undress
File name: pdf_drawing.iso
Signature: AgentTesla
File size: 507'904 bytes
First seen: 2020-06-18 06:16:28 UTC
Last seen: Never
File type: iso
MIME type: application/x-iso9660-image
ssdeep: 6144:r33uLzAuqxdoPSb64FbiYtsXUpcjKEHtdDmmXQie5RpX4fSy3bHJDP1/Uv:7uLUxPGmskGjXtdDmmXQieP6ndDP
TLSH: 37B4F14976984B15C4788B7AC8E6141403B6B9623B72E72E3FCC339D0B133DB5A0679B
Reporter: abuse_ch
Tags: AgentTesla iso


abuse_ch
Malspam distributing AgentTesla:

HELO: gocs.com.tn
Sending IP: 45.147.229.5
From: sales@gocs.com.tn
Subject: 5112 - UL 142 - Tank RFQ
Attachment: pdf_drawing.iso (contains "pdf_drawing.exe")

AgentTesla SMTP exfil server:
mail.itdone.cz:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 72
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Infostealer.BitStealer
Status: Malicious
First seen: 2020-06-18 05:30:18 UTC
AV detection: 20 of 31 (64.52%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: AgentTesla
  iso 12dad5ac22b67b339da8b380d48e8f570bc2ab68b7676d13ae68256cc53340df (this sample)
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment

Comments