MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 214e953ba912ea7d653717b64ea61a196f563acfb0b6855bbe0027108d6a4a74. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 214e953ba912ea7d653717b64ea61a196f563acfb0b6855bbe0027108d6a4a74
SHA3-384 hash: 508c821c3f66b1b2459598f6bb96f1d80a35855976c9aa0372c8f6c930703da10c0c2f778b4740bba69570152b059c1b
SHA1 hash: f21408dc85bb29ad316e100c3c4f39011cadbfab
MD5 hash: 37a7852cbda5f7f53cbc15e7002c590f
humanhash: victor-blue-berlin-friend
File name:HI-TEN STEEL NEW ORDER.IMG
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'245'184 bytes
First seen:2020-08-14 08:47:39 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 12288:LL9SIqRfogUaYdCKpL5hqB8Ik+kvKwhEKTom6:AIEfo5wB8IklFhECom
TLSH BB45F13A53F0D508C03BF23E9115409AB1EBAC5A14B5C71A79ED3DE40F326E646A6DF8
Reporter abuse_ch
Tags:AgentTesla img


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: v238211.serveradd.com
Sending IP: 101.100.238.211
From: Nancy Ong_HI-TEN Steel <sales@hiten-steel.com>
Reply-To: lndustooling@yahoo.com
Subject: Re: Request for Quotation_14/08/2020
Attachment: HI-TEN STEEL NEW ORDER.IMG (contains "HI-TEN STEEL NEW ORDER.exe")

AgentTesla SMTP exfil server:
mail.orientalkuwait.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
60
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Siggen10.4036.28870.1573.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/214e953ba912ea7d653717b64ea61a196f563acfb0b6855bbe0027108d6a4a74/
Threat name:
ByteCode-MSIL.Trojan.FormBook
Create hunting rule
Status:
Malicious
First seen:
2020-08-14 02:53:22 UTC
AV detection:
19 of 47 (40.43%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=efhjko5jclvh2zjxc63e5jq2dfxvmowpwc3ikw56aatrbdlkjj2a._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
0.87
Link:
https://yomi.yoroi.company/submissions/214e953ba912ea7d653717b64ea61a196f563acfb0b6855bbe0027108d6a4a74

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

img 214e953ba912ea7d653717b64ea61a196f563acfb0b6855bbe0027108d6a4a74

(this sample)

AgentTesla

Executable exe baa6af0e8692e2720aa2b8a4fc78398f35299196cf77227d50e51f1d931a4a87

  
Dropping
MD5 3b7967041137b9470e60966555db95d0
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 baa6af0e8692e2720aa2b8a4fc78398f35299196cf77227d50e51f1d931a4a87

Comments