MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 46aea26e8f56dc23f73abcad5be9e8643692ebdeb90b845bcb80c9782067110b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 46aea26e8f56dc23f73abcad5be9e8643692ebdeb90b845bcb80c9782067110b
SHA3-384 hash: 579923279cc7d4c2e10856026a7d443166a349bdc26036715257a307266628799f3ae833f066d2d278977069eb0a3542
SHA1 hash: 3831a78750503d50b8aa7edcf5cf7536061f7492
MD5 hash: d2a584f51d890305a78fadaa2b34ef55
humanhash: alanine-twelve-yankee-oregon
File name:NEW GERMAN ORSER- 50MT PO 1181 - 1192.IMG
Download: download sample
Signature AgentTesla
Create hunting rule
File size:2'359'296 bytes
First seen:2020-05-02 13:34:38 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 24576:Etb20pkaCqT5TBWgNQ7aNA8FaVtoYnMPkfJmnVjTrXqmNE86aLdb6A:tVg5tQ7aNA86nMPyJyBXN6aN5
TLSH 50B5D0A2638DC264C6B35173B9367753AD7B781D4DA4B41F2FD46E2EBD20312011BAA3
Reporter abuse_ch
Tags:AgentTesla img


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: box.zohofoodtrading.xyz
Sending IP: 138.68.13.151
From: salesdept@zohofoodtrading.xyz
Subject: NEW GERMAN ORDER- 50MT 5LOTS
Attachment: NEW GERMAN ORSER- 50MT PO 1181 - 1192.IMG (contains "GERMAN PO 1181- NEW 50MT INQUIRY.exe")

AgentTelsa C2:
https://bikewebradio.com.br/

Intelligence

File Origin
# of uploads :
1
# of downloads :
78
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27686.AidExe.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.27684.AidExe.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.27681.XorExe.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.PSW.Agent.BORA.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Geniso
Create hunting rule
Status:
Malicious
First seen:
2020-05-02 13:35:24 UTC
File Type:
Binary (Archive)
AV detection:
16 of 31 (51.61%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=i2xke3upk3och5z2xswvx2pimq3jf266xefyiw6lqdexqidhcefq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

img 46aea26e8f56dc23f73abcad5be9e8643692ebdeb90b845bcb80c9782067110b

(this sample)

AgentTesla

Executable exe 8044dc7f383547fb4d9acfc1bfd1adfe3e6def133317a506b991e5b62a29bc63

  
Dropping
MD5 613b84634e28713c96db76d7ffe339aa
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 8044dc7f383547fb4d9acfc1bfd1adfe3e6def133317a506b991e5b62a29bc63

Comments