MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 777a5bf0ea3b77ba095993578fac46e50a1677a89f012ff1023d48bf0dbb8c2d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 777a5bf0ea3b77ba095993578fac46e50a1677a89f012ff1023d48bf0dbb8c2d
SHA3-384 hash: 68ae50e469719068218bb1f2c8451514038d6946a37d80cba26bceb715067e9e54cc4ef1d476e7a147df17979361c16f
SHA1 hash: b8078a1a7a724710bba41f40fedf51f1a59ff999
MD5 hash: 86cad26b0e150075250cdb6f765d5e8d
humanhash: robert-berlin-march-three
File name:PO-TSP-732.img
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'245'184 bytes
First seen:2020-06-02 10:13:13 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 6144:baUDG3Kp15i6VEJD6LpoaBjQ0igmW1j2JSLQurZTCjM0JOVsRRtlf571cWBi/Ar+:baUDds6VEt6u07X9k/OV4CW0o6f
TLSH 5D454B3E76856405D13D06738095A6D1A3B1A5833E12CB0F7EDE67ACAF023CB3B57269
Reporter abuse_ch
Tags:AgentTesla img


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: spl49.hosting.reg.ru
Sending IP: 37.140.192.41
From: sophia@weichuangmfg.com
Reply-To: sophia_wechuangmfg@hotmail.com
Subject: Order confirmation needed PO-TSP-732
Attachment: PO-TSP-732.img (contains "Invoice INV7913708.exe")

AgentTesla SMTP exfil server:
mail.chenklins.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
59
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Malware.AgentTesla-7660762-0
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Agensla
Create hunting rule
Status:
Malicious
First seen:
2020-06-03 02:23:00 UTC
AV detection:
12 of 31 (38.71%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=o55fx4hkhn33uckzsnly7lcg4ufbm55it4as74ichvel6dn3rqwq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

img 777a5bf0ea3b77ba095993578fac46e50a1677a89f012ff1023d48bf0dbb8c2d

(this sample)

AgentTesla

Executable exe 1b4edda8f293ac8fba3e2bc1bf84406f61213e1f91f369f344cfcf755867ec6e

  
Dropping
MD5 b98ede92e6650ce0cb86e3c283523ec3
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 1b4edda8f293ac8fba3e2bc1bf84406f61213e1f91f369f344cfcf755867ec6e

Comments