MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6adbfb7e17e7699286eb56d0f5ea2572ee9de86ed3d3164a0b2044ae0b7e8be2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6adbfb7e17e7699286eb56d0f5ea2572ee9de86ed3d3164a0b2044ae0b7e8be2
SHA3-384 hash: 97aecbd5ff5fd60c7f69b379a081376c753b3519f573742c4284e1613cb6ed9802cd331e87da58e3b3555da9e03aec05
SHA1 hash: ac980e72170baed102c0fa8089d5a9665627d63c
MD5 hash: c6d875af7f9ee6a8160d286f78baf04a
humanhash: enemy-oklahoma-oven-texas
File name:Shipping Documents.iso
Download: download sample
Signature AgentTesla
Create hunting rule
File size:808'960 bytes
First seen:2020-06-25 08:56:39 UTC
Last seen:Never
File type: iso
MIME type:application/x-iso9660-image
ssdeep 6144:wM20VQ2JyQVeoOXDso76VaFJxM3e6v6AyLWDhQaZWA9V9pQ1+LGV6Gb+4FZtXsBS:wMzQ2JyQVwXhjF83ehjaMQ9FGVb+4eB
TLSH AF055B3E7BC47906D53D4A7200AA669166B1F1432E12C70F3ACDA76CAF017CE7B46399
Reporter abuse_ch
Tags:AgentTesla DHL iso


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: slot0.alvindoprt.ml
Sending IP: 173.82.238.49
From: ASIA_DHL | Express Shipping <info@alvindoprt.ml>
Subject: Urgent: Shipping Documents
Attachment: Shipping Documents.iso (contains "Shipping Documents.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
68
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.PackedNET.349.9640.27109.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/6adbfb7e17e7699286eb56d0f5ea2572ee9de86ed3d3164a0b2044ae0b7e8be2/
Gathering data
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=nln7w7qx45uzfbxlk3ipl2rfolxj32do2pjrmsqlebck4c36rpra._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

iso 6adbfb7e17e7699286eb56d0f5ea2572ee9de86ed3d3164a0b2044ae0b7e8be2

(this sample)

AgentTesla

Executable exe 288b7fbde289cdb538509c40328aab30920cd1cc526cb91465716f63fa699a5d

  
Dropping
MD5 711ddf2cf52620039034ceff9a295710
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 288b7fbde289cdb538509c40328aab30920cd1cc526cb91465716f63fa699a5d

Comments