MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 498d706d769c39edd9179732cac9ff5bdc27d06f80029053a95b19f2a1c8d5d8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 498d706d769c39edd9179732cac9ff5bdc27d06f80029053a95b19f2a1c8d5d8
SHA3-384 hash: e0d53ba528c09a65fbc39b5406fede3f074494eb3e9b1a86638dd17a0f9efc050b003e484f1ceca1137e9e7e302f494e
SHA1 hash: da286a371bbb302d1b3f7567927debd9429b6a30
MD5 hash: 886e6e20d64dabfb1e2638ff4dd3dbd1
humanhash: uniform-social-angel-louisiana
File name:Order_9000000000000000.img
Download: download sample
Signature AgentTesla
Create hunting rule
File size:774'144 bytes
First seen:2020-05-25 13:55:00 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 6144:bsLit9epsH8xD3n58ZLpojjH+KdVGBhaONkqWd48aoGaFuKAf47Fn3XTmrDnc5Y0:7eN5kCJdDEm4mGZ4D3O8tEH
TLSH 2BF44B397A85A815D03C457644969581A3B7A6833E51CB0F3FCE939CAF023CF3B2569E
Reporter abuse_ch
Tags:AgentTesla img


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: morgan-company.com
Sending IP: 131.153.50.147
From: Morgan & Company <export@morgan-company.com>
Subject: Re:Re:Order
Attachment: Order_9000000000000000.img (contains "Order_9000000000000000.img.exe")

AgentTesla SMTP exfil server:
cocofarm.xyz:26

AgentTesla SMTP exfil email address:
info@cocofarm.xyz

Intelligence

File Origin
# of uploads :
1
# of downloads :
60
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Malware.AgentTesla-7660762-0
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Agensla
Create hunting rule
Status:
Malicious
First seen:
2020-05-25 14:33:10 UTC
File Type:
Binary (Archive)
Extracted files:
5
AV detection:
13 of 31 (41.94%)
Threat level:
  2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

img 498d706d769c39edd9179732cac9ff5bdc27d06f80029053a95b19f2a1c8d5d8

(this sample)

AgentTesla

Executable exe 6b709b9b63ca26c0557f7f737959820f253a02628874ee3b4bf73af1ec9854fd

  
Dropping
MD5 7e35ec6363bf048199dc89dc60aa9355
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 6b709b9b63ca26c0557f7f737959820f253a02628874ee3b4bf73af1ec9854fd

Comments