MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 55952f1ab4fcfb9ae0e3e8f6f117884b65be7b7e91d41bf0f39ef8ca539e61f2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 55952f1ab4fcfb9ae0e3e8f6f117884b65be7b7e91d41bf0f39ef8ca539e61f2
SHA3-384 hash: a1798dd3b6fabe330259f6e93a91154e08d1632fa761717822a5a3c8443b9d3bbc0234d6d254c8cc4bd09079b291edc1
SHA1 hash: 8f8fbf5cab909fcf134528f506c3be2bed2a669a
MD5 hash: 9790ffd17e5c19f9daacbd783c20ff37
humanhash: tennis-east-kentucky-alabama
File name:Payment copy.pdf.iso
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'245'184 bytes
First seen:2020-07-07 09:17:29 UTC
Last seen:Never
File type: iso
MIME type:application/x-iso9660-image
ssdeep 12288:NS5EArM3//veU+BHtCOtIbjgl1d8cVfES:xWU+xBtIbo1djVfE
TLSH 3A459C7232B55F82C53A0BF5A81021404FFA296FA53DD26C7EC520DB46A1F548E92FB7
Reporter abuse_ch
Tags:AgentTesla GoDaddy iso


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: sg2nlshrout02.shr.prod.sin2.secureserver.net
Sending IP: 182.50.132.194
From: thekevinbowman@sendgrid.net
Subject: Payment Confirmation slip
Attachment: Payment copy.pdf.iso (contains "Payment copy.exe")

AgentTesla SMTP exfil server:
mail.panchavatihotels.com:587

AgentTesla SMTP exfil email address:
nelsonanthony2022@gmail.com

Intelligence

File Origin
# of uploads :
1
# of downloads :
70
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/55952f1ab4fcfb9ae0e3e8f6f117884b65be7b7e91d41bf0f39ef8ca539e61f2/
Threat name:
ByteCode-MSIL.Trojan.FormBook
Create hunting rule
Status:
Malicious
First seen:
2020-07-07 09:19:09 UTC
AV detection:
14 of 29 (48.28%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=kwks6gvu7t5zvyhd5d3pcf4ijns34636shkbx4htt34muu46mhza._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

iso 55952f1ab4fcfb9ae0e3e8f6f117884b65be7b7e91d41bf0f39ef8ca539e61f2

(this sample)

AgentTesla

Executable exe 07673093f3b9e9947c5d7b6684927c16e3ae6404039051c02ee48df0d046fdd8

  
Dropping
MD5 1664c11dd4bdcb118c22a90ff8ef92b4
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 07673093f3b9e9947c5d7b6684927c16e3ae6404039051c02ee48df0d046fdd8

Comments