MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8e86b53ffc2bc77e9e45efe3ece795d077e8568f382c86caaba9f5ab4be40188. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 3

SHA256 hash: 8e86b53ffc2bc77e9e45efe3ece795d077e8568f382c86caaba9f5ab4be40188
SHA3-384 hash: 78bcc2dccc3d3c17e9ff0a4b58bbf0448b1c63d6553faf882f950a01cf39dacc3869af7a65ecd8d4f6b1311aee8c5f27
SHA1 hash: 7d681a37e898968c5bfe638fea7713fbeeab8a25
MD5 hash: e61a7099a56d38e9882411c018cd3e31
humanhash: vermont-network-california-lion
File name: CFFDA Certificate Test Kits covid-19.img
Signature: AgentTesla
File size: 1'245'184 bytes
First seen: 2020-04-01 14:57:16 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 6144:BDaxHbDWAmoPG0mKcuFys76BlgheyNGb/zt0wlrAMy9AAoLK5unf0K+gauN:FaxHWuF3KmhRWR0YAsZ8Bu
TLSH: D245BE3D189B9276EEB8F2B4D6445239F268E323B103EC1C7D9F66B4FB11A6161C111E
Reporter: abuse_ch
Tags: AgentTesla COVID-19 img


abuse_ch
COVID-19 themed malspam distributing AgentTesla:

HELO: server.clinicasom.com
Sending IP: 185.76.77.225
From: sales Trading LLC <soporte@clinicasom.com>
Subject: CF&FDA Certificate Test Kits covid-19
Attachment: CFFDA Certificate Test Kits covid-19.img (contains "CF&FDA Certificate Test Kits covid-19_pdf_______________.exe")

Intelligence

File Origin
# of uploads: 1
# of downloads: 77
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Geniso
Status: Malicious
First seen: 2020-04-01 15:35:24 UTC
File Type: Binary (Archive)
Extracted files: 2
AV detection: 20 of 47 (42.55%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
AgentTesla
img 8e86b53ffc2bc77e9e45efe3ece795d077e8568f382c86caaba9f5ab4be40188 (this sample)
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment

Comments