MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 22e062de7b85e351f4e0f7cd17af0f411b41676c761ea81581facb9532f40844. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3



SHA256 hash: 22e062de7b85e351f4e0f7cd17af0f411b41676c761ea81581facb9532f40844
SHA3-384 hash: 94191d6bb0a1b4f316b65a2757ef0ef03b16ee233a812f8c0d0cd3d0f28a29224064f14aa8410c17303681ee990a9b96
SHA1 hash: ffd53273160c45b6a525af3b3e2ca90b9adbcc5b
MD5 hash: 4858f71c73515101e8100e6ad41ff56a
humanhash: delta-table-mars-pip
File name: doc-07132020.img
Signature: AgentTesla
File size: 1'245'184 bytes
First seen: 2020-07-13 06:26:25 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 6144:C3O2vV3KXbRzDr0S2SuRw+PTyMWyeGFNXuGNeWwyF3AikFar:GO2vkriSYFT7WG2EeWvANQ
TLSH: D345124163EF8354EEFA9E3A3C204751D178940E8A21FBDE731F372D8B5A76049266B1
Reporter: abuse_ch
Tags: AgentTesla, img


abuse_ch
Malspam distributing AgentTesla:

HELO: mail.bashstat.ru
Sending IP: 81.30.192.250
From: Sales <807856462g@gmail.com>
Subject: Fwd: New order
Attachment: doc-07132020.img (contains "doc-071320201.exe")

AgentTesla SMTP exfil server:
mail.napred.net:587

Intelligence


File Origin

# of uploads: 1
# of downloads: 63
Origin country: n/a

Vendor Threat Intelligence

Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-07-13 06:28:06 UTC
AV detection: 18 of 29 (62.07%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

img 22e062de7b85e351f4e0f7cd17af0f411b41676c761ea81581facb9532f40844 (this sample)

Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
