MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 60232e3ba91c3cc659973469104b3a3958f361d9ac5ce0ec6edab50d9224ad57. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 3

SHA256 hash: 60232e3ba91c3cc659973469104b3a3958f361d9ac5ce0ec6edab50d9224ad57
SHA3-384 hash: 66b6ef2e66feaf05ec62b8e4946702475304d6e7e988a410a5f4f0d629ba69670508edf2b26185f7ae4a49bbe008587d
SHA1 hash: d38ac3c3cc356786a6ed4c85639de5b5f65ad56c
MD5 hash: df7c0a16e1f1303571ed048f212787e9
humanhash: bluebird-snake-violet-equal
File name: PO478027 India .iso
Signature: AgentTesla
File size: 827'392 bytes
First seen: 2020-08-06 06:34:17 UTC
Last seen: Never
File type: iso
MIME type: application/x-iso9660-image
ssdeep: 12288:NZm7vUcNonc6uTPLJK0FI0wa3jDYKHAKQ2:NSUlLQJT7x3jbH
TLSH: C4057B2461362697D7EC80B44F0C724459E392B51A9EF7C5FCBB2885F3926B06B2CD1B
Reporter: abuse_ch
Tags: AgentTesla, iso

abuse_ch
Malspam distributing AgentTesla:

HELO: alfalahgroup.com
Sending IP: 156.96.46.79
From: Srividya ( sales@alfalahgroup.com )
Subject: 30 % advance order
Attachment: PO478027 India .iso (contains "PO478027 ( India ).exe")

AgentTesla SMTP exfil server:
webmail.mrconsult-kw.com:587

Intelligence

File Origin
# of uploads: 1
# of downloads: 59
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-08-06 03:38:26 UTC
AV detection: 17 of 47 (36.17%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample, such as delivery method and external references.

Malspam
AgentTesla
iso 60232e3ba91c3cc659973469104b3a3958f361d9ac5ce0ec6edab50d9224ad57 (this sample)
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment

Comments