MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3910ea0a26b2641d16159a0c6562c36ecee848c024120bed6dc5579ae6dd79eb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3910ea0a26b2641d16159a0c6562c36ecee848c024120bed6dc5579ae6dd79eb
SHA3-384 hash: 01ea61efded0dfb993e2ae918e0520ba0f8d58769c3ed8bef35532f21e05d232da422fda4aa6f4a0a4e320a2229e55f9
SHA1 hash: 2e73f3b83783de74301944f29a053a9df6dfe9cf
MD5 hash: 28ddd985abb46d166de5b7550ee2d99f
humanhash: ceiling-enemy-low-social
File name:INQUIRY_5374354839.iso
Download: download sample
Signature AgentTesla
Create hunting rule
File size:651'264 bytes
First seen:2020-06-17 05:25:45 UTC
Last seen:Never
File type: iso
MIME type:application/x-iso9660-image
ssdeep 6144:VZm49UNNMYcB4OxJgAERBvv7AcigK8bZKJ1z/IaQ5JQbiz365:r9V0OxJgAER53tK8M/IrzQbiz3
TLSH 72D45C2D3A41B815D17C093248AA5A906773EA837702C70F7ADE575C6F13ACF3B5628E
Reporter abuse_ch
Tags:AgentTesla iso


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: cloudhost-433879.us-west-1.nxcli.net
Sending IP: 173.249.144.89
From: officebgd@medicodomus.bd
Subject: Kindly Send Price List
Attachment: INQUIRY_5374354839.iso (contains "INQUIRY_5374354839.exe")

AgentTesla SMTP exfil server:
mail.flood-protection.org:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
59
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.CAP_HookExKeylogger.17791.11792.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-06-16 21:18:34 UTC
AV detection:
17 of 31 (54.84%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=heioucrgwjsb2fqvtiggkywdn3hoqsgaeqjax3lnyvlzvzw5phvq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

iso 3910ea0a26b2641d16159a0c6562c36ecee848c024120bed6dc5579ae6dd79eb

(this sample)

AgentTesla

Executable exe ceeb556fc1d7f8d885e5fdd4cf385a1fa6032217532db1f33a188127e97cc618

  
Dropping
MD5 ff57edde58f2c0396609088df4914728
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 ceeb556fc1d7f8d885e5fdd4cf385a1fa6032217532db1f33a188127e97cc618

Comments