MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2453a1f44b2b042a509ac06aa09b4ac86ed622daeca397d96d77e455e91a0e3b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2453a1f44b2b042a509ac06aa09b4ac86ed622daeca397d96d77e455e91a0e3b
SHA3-384 hash: 1a951a41b3b610fd8de4e76af79078d316100651601bc001182254ecded635f6f8cf4239032866bfc482bc70624aa1fe
SHA1 hash: 870e9d2143ccff0ac1e9958f84a6ca02b7076989
MD5 hash: 1b7512df56e5f23093b9b4bc2b5e07a1
humanhash: juliet-tango-failed-july
File name:doc986897648035.img
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'245'184 bytes
First seen:2020-05-15 06:41:01 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 6144:sigAbflJJYHDiHjDcQQyzS7y11TRqG2VGx/871hodHbLP0OWyeNfbUfbIori:XTb9JGWHjTS7AlQRVN7n0bgbNfAfb
TLSH F945D07C32AC4D23E4BC45F98861214047B06C193DAAE3E9ACC771EB1BF17A12F96657
Reporter abuse_ch
Tags:AgentTesla img


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: rmeasdale.com
Sending IP: 37.48.85.242
From: Pat<info@rmeasdale.com>
Subject: Due payment
Attachment: doc986897648035.img (contains "doc986897648035.exe")

AgentTesla SMTP exfil server:
smtp.jpme.org.in:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
81
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.MSIL.Kryptik.VFR-1.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Geniso
Create hunting rule
Status:
Malicious
First seen:
2020-05-15 07:16:49 UTC
File Type:
Binary (Archive)
Extracted files:
20
AV detection:
18 of 48 (37.50%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=erj2d5clfmccuue2ybvkbg2kzbxnmiw25srzpwlno7sfl2i2by5q._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

img 2453a1f44b2b042a509ac06aa09b4ac86ed622daeca397d96d77e455e91a0e3b

(this sample)

AgentTesla

Executable exe 39e500bf794a3245be4db60416ce78a510838680c806b5533d95feeb53b2c5a1

  
Dropping
MD5 dcd8cc8a2c1ab08cfa3d43c4b653b348
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 39e500bf794a3245be4db60416ce78a510838680c806b5533d95feeb53b2c5a1

Comments