MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3c9b168d44513348e99663e460959c85e27ad658a55e32a44ecbb8adb8163aeb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3c9b168d44513348e99663e460959c85e27ad658a55e32a44ecbb8adb8163aeb
SHA3-384 hash: 436dc20f35274926366dd6a2dcad9e87c247c36c9bff86c7db20af0e85d7e780716dc43a892989e15edb312ff32e2b52
SHA1 hash: 6c8f4c8b4b63df327c12d445ae0b1d6cd0999c63
MD5 hash: d3158e36779090f2f8930262ef0d0734
humanhash: gee-berlin-lithium-violet
File name:Purchase Order.img
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'245'184 bytes
First seen:2020-06-09 05:49:38 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 12288:aHbOX2t/uIsaeVVtovjVFgpL+mFNuCWv68+6:aHbg82UeVYvJ4LtFNdWv68+
TLSH 7445EF013784EA25C5BD92B8D2961A3483B598837F31D6487D2F23D69BD7F90AE01DCE
Reporter abuse_ch
Tags:AgentTesla HostGator img


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: gateway36.websitewelcome.com
Sending IP: 192.185.179.26
From: Lindsay Butler <lbutler@tamtech.com>
Subject: Full Proposal
Attachment: Purchase Order.img (contains "Purchase Order.scr")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
64
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.MSIL.Kryptik.WGF.1011.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-06-09 05:51:05 UTC
AV detection:
15 of 29 (51.72%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=hsnrndkekezur2mwmpsgbfm4qxrhvvsyuvpdfjcozo4k3oawhlvq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

img 3c9b168d44513348e99663e460959c85e27ad658a55e32a44ecbb8adb8163aeb

(this sample)

AgentTesla

Executable exe d2827b9a0edb006fbb6ade9f63d0948515ace0f6199a5a59725b8279eed54f25

  
Dropping
MD5 ef87f82a6538cd6939e1145369dd2720
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 d2827b9a0edb006fbb6ade9f63d0948515ace0f6199a5a59725b8279eed54f25

Comments