MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 92ed99f126fb56e2ce180924150d342ad4ea877f3f28af5355af1f7c7ab113d0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 92ed99f126fb56e2ce180924150d342ad4ea877f3f28af5355af1f7c7ab113d0
SHA3-384 hash: 628afb7d94dbf62f5bce8eafa2ed0328d96852d71a4ac339881073d8ae8d24ced06dfa70c56e95a59c30125a267ef404
SHA1 hash: 92bc88c7ea5cb261b0c487f11eb9ae743e72719e
MD5 hash: fbff61c0083247e67869322b86abc3ac
humanhash: low-yellow-crazy-monkey
File name:ORDER NO 021.ISO
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'245'184 bytes
First seen:2020-07-16 19:03:22 UTC
Last seen:2020-07-17 05:11:51 UTC
File type: iso
MIME type:application/x-iso9660-image
ssdeep 12288:RNRLcux2k4zUedAg48YAKtNiHnPlsustG4zM/tLmlu3:Z4Reg4xngnqG4
TLSH E1459DDC3550719EC44E8D768954DC30AA202C22F6FBD20673CB6E9FBA3D596CF152A2
Reporter abuse_ch
Tags:AgentTesla iso


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: s20.bluecast.ae
Sending IP: 213.239.199.114
From: Beth Thompson <beth.thompson@sbcglobal.net>
Subject: PURCHASE ORDER NO:021
Attachment: ORDER NO 021.ISO (contains "fty.exe")

AgentTesla SMTP exfil server:
mail.blackpearl-tours.com:587

AgentTesla SMTP exfil email address:
res@blackpearl-tours.com

Intelligence

File Origin
# of uploads :
2
# of downloads :
78
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.CAP_HookExKeylogger.16952.6677.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/92ed99f126fb56e2ce180924150d342ad4ea877f3f28af5355af1f7c7ab113d0/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-07-16 14:18:10 UTC
File Type:
Binary (Archive)
Extracted files:
5
AV detection:
15 of 29 (51.72%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=slwzt4jg7nloftqybesbkdjuflkovb37h4uk6u2vv4pxy6vrcpia._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

iso 92ed99f126fb56e2ce180924150d342ad4ea877f3f28af5355af1f7c7ab113d0

(this sample)

AgentTesla

Executable exe 37e2ca0ea6838887745d5f452aea15de2a0ea556a9095a87962c103489942e08

  
Dropping
MD5 70e0f7eacd578fef1b19738934c8cc1e
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 37e2ca0ea6838887745d5f452aea15de2a0ea556a9095a87962c103489942e08

Comments