MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1adc18ee6c7de3c847656ecaac4023ed89e5c989e80460daad5f19a9a7df31e8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1adc18ee6c7de3c847656ecaac4023ed89e5c989e80460daad5f19a9a7df31e8
SHA3-384 hash: 8c5c3620ba7a47e717e32e677a10e5735105fdb36cb52988e15e4a66f68e8b41b02cb0b167e6e9183d3ef666c999c303
SHA1 hash: 8ccf246457db34255ed33e327aa6244df4a9fbcf
MD5 hash: b882c89c11f35cdf4fda99d2b10803ca
humanhash: artist-one-lion-twenty
File name:file.iso
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'245'184 bytes
First seen:2020-06-03 08:14:20 UTC
Last seen:Never
File type: iso
MIME type:application/x-iso9660-image
ssdeep 12288:9JLOyziSPlBbgPVAs8kGcFhBvLWApdjFe3hpuLEy8tMT6ZZDGhnWkP:RpSA/kbTLWAZWhIE8
TLSH D4459D9D762072EFC857D0769EA92D68FA9034BB831F4103A01B25AD9F4D897CF245F2
Reporter abuse_ch
Tags:AgentTesla iso


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: slot0.bayercornpany.com
Sending IP: 45.95.169.50
From: Arthur Sanchez <tradincorp@juditief.com>
Subject: Re: Bank Details Changed
Attachment: file.iso (contains "Bank Details.pdf.iso.exe")

AgentTesla SMTP exfil server:
mail.logserver.ga:25

Intelligence

File Origin
# of uploads :
1
# of downloads :
55
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Genkryptik
Create hunting rule
Status:
Malicious
First seen:
2020-06-03 12:11:44 UTC
AV detection:
18 of 48 (37.50%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=dlobr3tmpxr4qr3fn3fkyqbd5we6lsmj5acgbwvnl4m2tj67ghua._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

iso 1adc18ee6c7de3c847656ecaac4023ed89e5c989e80460daad5f19a9a7df31e8

(this sample)

AgentTesla

Executable exe 4fba937f1e8ae7eab73de2233f36e813fc2e4e889cbf5103f72ed642ba2e76c3

  
Dropping
MD5 32b0333324cb7e09a5310ca329882779
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 4fba937f1e8ae7eab73de2233f36e813fc2e4e889cbf5103f72ed642ba2e76c3

Comments