MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 54f97797d452beaa2c3acde3af0f861fa6b0cd79cdf95e454820a1c0b98eea8d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla
Vendor detections: 3



SHA256 hash: 54f97797d452beaa2c3acde3af0f861fa6b0cd79cdf95e454820a1c0b98eea8d
SHA3-384 hash: a1e83260ac817a3f44dbe6a2e2cea10ba3c0442f40736eb4bcd18dcde2bbb6f973c2ec7cf8db1940bd72f88273db5a58
SHA1 hash: 6ce75b6b5a4d18a076997e0ded4a5381988f07cf
MD5 hash: a593e77d9f6250329e527c8f20de1e6b
humanhash: three-alabama-mississippi-happy
File name: Guangya_5637,pdf.iso
Signature: AgentTesla
File size: 624'640 bytes
First seen: 2020-06-08 05:28:07 UTC
Last seen: Never
File type: iso
MIME type: application/x-iso9660-image
ssdeep: 12288:Fntm5ZiXfQZ8w1+pccYmxf5O7jO9j7oJn:mHiU2cc+O9j0Jn
TLSH: 1BD4CF61F2A58DA5E41AB2F89476A92213673D596431DA0E34BF31594BB3343CCA3F0F
Reporter: abuse_ch
Tags: AgentTesla iso


Comment by abuse_ch:
Malspam distributing AgentTesla:

HELO: smtp.outgoing.loopia.se
Sending IP: 93.188.3.38
From: Carol Lau <cornerstone@yausang.com>
Subject: Inquiry 20/5637
Attachment: Guangya_5637,pdf.iso (contains "Guangya_5637,pdf.exe")

AgentTesla SMTP exfil server:
mail.privateemail.com:587

Intelligence


File Origin
Number of uploads: 1
Number of downloads: 59
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-06-08 05:30:08 UTC
AV detection: 17 of 31 (54.84%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  AgentTesla
    iso 54f97797d452beaa2c3acde3af0f861fa6b0cd79cdf95e454820a1c0b98eea8d (this sample)
      Dropping AgentTesla

Delivery method: Distributed via e-mail attachment
