MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2393d3556dc536e66f2a67352cceb88375fe89a70e10d7c836c2cbf28eec7278. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 2

SHA256 hash: 2393d3556dc536e66f2a67352cceb88375fe89a70e10d7c836c2cbf28eec7278
SHA3-384 hash: f3b195c705dae73768c6c81927b6563ae068a08ff0246381fb0f5ca55f111530003685f97bb41447ee4eb572bbb9e04c
SHA1 hash: 6af026bf784844e016b8fdcd6ac6ed9078ff9743
MD5 hash: 295598cebea1396b590e1c10eaad612f
humanhash: foxtrot-solar-one-orange
File name: Confirm Awb noXXX378920.iso
Signature: AgentTesla
File size: 735'232 bytes
First seen: 2020-05-27 06:58:31 UTC
Last seen: Never
File type: iso
MIME type: application/x-iso9660-image
ssdeep: 6144:lGSzYBchlDEJD6LpZI6AyLWDhQaZWA9V9pQ1+LGV6Gb+4FZtXsB/bxN:lGSxEt67jaMQ9FGVb+4e
TLSH: 97F45D3ABA446805D13C097A10E565D16AB5B6833E12C31F3ACE676CAF027FE7F05399
Reporter: abuse_ch
Tags: AgentTesla DHL iso


abuse_ch
Malspam distributing AgentTesla:

HELO: slot0.av-displey.com
Sending IP: 173.82.235.125
From: DHL Express <info@av-displey.com>
Subject: Delivery Receipt | Confirm Awb no:XXX378920
Attachment: Confirm Awb noXXX378920.iso (contains "Confirm Awb noXXX378920.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence

File Origin
# of uploads: 1
# of downloads: 60
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Injector
Status: Malicious
First seen: 2020-05-27 07:13:46 UTC
File Type: Binary (Archive)
Extracted files: 4
AV detection: 15 of 30 (50.00%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information
The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
AgentTesla
iso 2393d3556dc536e66f2a67352cceb88375fe89a70e10d7c836c2cbf28eec7278 (this sample)
  Dropping AgentTesla
Delivery method: Distributed via e-mail attachment

Comments