MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 48dadf71f8aebae8db2353d9e43e632206b89f232cfbf616484e3409afe8c15d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 4



SHA256 hash: 48dadf71f8aebae8db2353d9e43e632206b89f232cfbf616484e3409afe8c15d
SHA3-384 hash: 5d9272fd503a16566fb5e69d12013a43df7cb4122b20c3c637394e151bfe0a03979b0386bb21976c19dd7fd9731eeb76
SHA1 hash: 66ecc6fc969970d364ae89ea136073aef6603c2b
MD5 hash: a4a367659bba0573c4b09a7bf8c55aa7
humanhash: east-utah-double-timing
File name: URGENT UHP RFQ E010 RFQ FOR DC UPS SYSTEM CUT OFF DATE AUGUST 25TH 2020.IMG
Signature: AgentTesla
File size: 1'310'720 bytes
First seen: 2020-08-19 14:08:39 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 12288:V+/T8Pty8wOfQ77NBYg6FEI9oND8AJiz7QK/jtcfh3auWZ:EWLfQ77NtpAuQbvzLIquWZ
TLSH: 4755012A22D56A5FC47A18385E619B0E02F29C912061C6C5BDCF317A9FBE7CFDB1024D
Reporter: abuse_ch
Tags: AgentTesla img


abuse_ch
Malspam distributing AgentTesla:

HELO: alnassar.com.sa
Sending IP: 162.244.93.110
From: LEE JUN WOO <angalos@hec-kr.com>
Reply-To: LEE JUN WOO <angalos@hec-kr.com>
Subject: URGENT [HYUNDAI MOTOR CCPP] DC & UPS SYSTEM / RFQ Issuance / Cut-off date : 2020-08-25
Attachment: URGENT UHP RFQ E010 RFQ FOR DC UPS SYSTEM CUT OFF DATE AUGUST 25TH 2020.IMG (contains "URGENT UHP RFQ E010 RFQ FOR DC UPS SYSTEM CUT OFF DATE AUGUST 25TH 2020.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 70
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-08-19 14:10:07 UTC
AV detection: 15 of 46 (32.61%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

img 48dadf71f8aebae8db2353d9e43e632206b89f232cfbf616484e3409afe8c15d (this sample)

Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
