MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 56d85a979245364288d1814d5c45a8acf653c5da47d2eefe8f60f7b7de194e9c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: AgentTesla
Vendor detections: 3

SHA256 hash: 56d85a979245364288d1814d5c45a8acf653c5da47d2eefe8f60f7b7de194e9c
SHA3-384 hash: 72604d8f6d69800b2f3989effe0620d7f908d05eb7a91eaa59b67c3a62014511cc83b099bf33d3f5000db03f49c6c693
SHA1 hash: 0209af41d16762f1380f66bc51f1632b6512a7dd
MD5 hash: 4986e945acf2f63ad7f5da3a9e75d8f1
humanhash: timing-mexico-enemy-robert
File name: NEW COVID-19 VACCINE- CURE- UPDATE.Xlxs.iso
Signature: AgentTesla
File size: 512'000 bytes
First seen: 2020-04-20 14:42:14 UTC
Last seen: Never
File type: iso
MIME type: application/x-iso9660-image
ssdeep: 12288:XZ+e3jB4YTznVbkuBXW+7HIHYRf8uTj3dnjYlU:z94YTzG8LI4RfLTNYG
TLSH: C9B401857A1C9A47DE7E08F59092204017F6961EE5A6E7F53F8CE0E78BC37CA18017A7
Reporter: abuse_ch
Tags: COVID-19 iso


abuse_ch
COVID-19 themed malspam distributing AgentTesla:

HELO: linux887.grserver.gr
Sending IP: 185.4.133.240
From: [ W.H.O ]WORLD HEALTH ORGANIZATION <worldhealthsupport@who.com>
Subject: W.H.O: NEW COVID-19 VACCINE NOW AVAILABLE!!!
Attachment: NEW COVID-19 VACCINE- CURE- UPDATE.Xlxs.iso (contains "NEW COVID-19 VACCINE- CURE- UPDATE.Xlxs.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587 (77.88.21.158)

Intelligence

File Origin
# of uploads: 1
# of downloads: 89
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Geniso
Status: Malicious
First seen: 2020-04-20 04:23:02 UTC
File Type: Binary (Archive)
Extracted files: 5
AV detection: 18 of 31 (58.06%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample, such as its delivery method and external references.

Malspam
AgentTesla
iso 56d85a979245364288d1814d5c45a8acf653c5da47d2eefe8f60f7b7de194e9c (this sample)
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
