MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 23e037a89af7f064ffba3886a8c0789c44c3295c35219744d969ac5b3f5865a3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 23e037a89af7f064ffba3886a8c0789c44c3295c35219744d969ac5b3f5865a3
SHA3-384 hash: 0c7462257c51335a44807a0c9ab04c248e0f03947fae6abdfd725a0c2b47dd446d9a919baaa8783066fb2da496a55ee3
SHA1 hash: 39757602927be48d53b1b8c295637937313250b6
MD5 hash: 663cd8dcfa17db1833e7586821232c09
humanhash: orange-lemon-double-undress
File name:NEWORDER2020.IMG
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'441'792 bytes
First seen:2020-07-20 08:21:22 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 12288:VuNzf1q9I6/kldSCGDyaod+ik4g8y3SoDjMOSaJxfhokuiAzdk39CbhNdxQ2:VuhfOPW2rEloDY3aJx5HGk39C9Ndx
TLSH AB65E1C96AA05400D6ED2FF59E62CA744330BD05F5F2D30F2FC8A98F2A7A792D854752
Reporter abuse_ch
Tags:AgentTesla img


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: aerix.co.kr
Sending IP: 211.233.11.30
From: Nurfilzah<bdenning@copdfoundation.org>
Subject: new order
Attachment: NEWORDER2020.IMG (contains "Ay8QpJpENt0425g.exe")

AgentTesla FTP exfil server:
gsmtp.me:21

AgentTesla FTP exfil user name:
mikano

Intelligence

File Origin
# of uploads :
1
# of downloads :
66
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.PWS.Siggen2.52265.2044.17594.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/23e037a89af7f064ffba3886a8c0789c44c3295c35219744d969ac5b3f5865a3/
Threat name:
ByteCode-MSIL.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-07-20 08:23:04 UTC
AV detection:
22 of 48 (45.83%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=epqdpke267ygj752hcdkrqdytrcmgkk4guqzorgzngwfwp2ymwrq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/23e037a89af7f064ffba3886a8c0789c44c3295c35219744d969ac5b3f5865a3

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

img 23e037a89af7f064ffba3886a8c0789c44c3295c35219744d969ac5b3f5865a3

(this sample)

AgentTesla

Executable exe 02c2005db700502924f6ef390445b277d1d026553f1917cb85b043144888c70c

  
Dropping
MD5 29def4691ee3e170fa8c1bf6a2f7a9bd
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 02c2005db700502924f6ef390445b277d1d026553f1917cb85b043144888c70c

Comments