MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 570181b4fefb7c4c8a692a83b4aba45ef46c0cd777ccae29a7ce90ed8afe5a67. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 570181b4fefb7c4c8a692a83b4aba45ef46c0cd777ccae29a7ce90ed8afe5a67
SHA3-384 hash: 1f68127e49eef6ad741e9f376a267315991fe3481cbc646346f6e8ce44c74c0220b87240e6e909eaf5dddd6b1d48de18
SHA1 hash: 46a04dbeb54b72c177fdf565f1e25650081885ce
MD5 hash: 0ead9ec633839200ce89d264684af498
humanhash: green-pip-magazine-high
File name:scan_745645645785.iso
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'658'880 bytes
First seen:2020-05-11 14:58:25 UTC
Last seen:Never
File type: iso
MIME type:application/x-iso9660-image
ssdeep 24576:jtb20pkaCqT5TBWgNQ7aBRNKzkXflaTGrTYQUu6QfWoIWq4OMBq891rc6A:gVg5tQ7aBRNckPlaiTYQUyfRvBjDA5
TLSH 5C75CF12339D8260C37F51737A15B741AE7BF81525A1FCBB2FD8C93CAA201615E0A66F
Reporter abuse_ch
Tags:AgentTesla iso


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: winpro1.internet-webhosting.com
Sending IP: 103.8.24.77
From: <hr@megamart.com.my>
Subject: FW: CONFIRM PAYMENT DETAILS (Inv. No. MVN-2102020)
Attachment: scan_745645645785.iso (contains "scan_745645645785.scr")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
78
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27686.AidExe.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.PSW.Agent.BORA.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-12 02:13:43 UTC
AV detection:
16 of 31 (51.61%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=k4aydnh67n6ezctjfkb3jk5el32gydgxo7gk4knhz2io3cx6ljtq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

iso 570181b4fefb7c4c8a692a83b4aba45ef46c0cd777ccae29a7ce90ed8afe5a67

(this sample)

AgentTesla

Executable exe f9ed4c08e84ddbd335d35d4ddeb614143786ed1bfbfc840aea630710e3a01904

  
Dropping
MD5 34d09d2d0dc53db31284695eab4d2a31
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 f9ed4c08e84ddbd335d35d4ddeb614143786ed1bfbfc840aea630710e3a01904

Comments