MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9451d1598ae54e8450992928b95803f968599bfd3b9a9b715d0a7ed74b12a5c2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9451d1598ae54e8450992928b95803f968599bfd3b9a9b715d0a7ed74b12a5c2
SHA3-384 hash: d84b47bed5cf3127e952b12e4f4a7f3b43b74764e3b2f015557c807ef3620b7b7c718cf3929038ee21ec370633641213
SHA1 hash: c61a5cb572f70dca6aea3faac2a6f06d1c2918f3
MD5 hash: d63f2c6fcedc846ffbc9bc72503ca89e
humanhash: uranus-stairway-burger-saturn
File name:INV_27072020_9982887882_993899.IMG
Download: download sample
Signature AgentTesla
Create hunting rule
File size:808'960 bytes
First seen:2020-08-03 07:24:27 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 12288:jZnVKDTViiHWs0H/3b6Wx/wtmqOFOUW3WPeOULGAU8:Z44isf3bXot2CWzULf
TLSH 7D05AF62B6F00537C1272A3C9D5B77749C2ABF106A28A8766FF91C4C4F3968139F6193
Reporter abuse_ch
Tags:AgentTesla DHL img


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: server.macartajans.com
Sending IP: 89.252.130.69
From: DHL | Express Shipping <DHLEXPRESS.BILLINGID@dhl.com>
Subject: Urgent: Shipping Documents (FINAL WARNING)
Attachment: INV_27072020_9982887882_993899.IMG (contains "INV_27072020_9982887882_993899.exe")

AgentTesla SMTP exfil server:
smtp.knmbz.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
71
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/9451d1598ae54e8450992928b95803f968599bfd3b9a9b715d0a7ed74b12a5c2/
Threat name:
Win32.Trojan.LokiBot
Create hunting rule
Status:
Malicious
First seen:
2020-08-03 07:26:10 UTC
AV detection:
17 of 48 (35.42%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=sri5cwmk4vhiiuezfeulswad7fuftg75honjw4k5bj7nosysuxba._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/9451d1598ae54e8450992928b95803f968599bfd3b9a9b715d0a7ed74b12a5c2

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

img 9451d1598ae54e8450992928b95803f968599bfd3b9a9b715d0a7ed74b12a5c2

(this sample)

AgentTesla

Executable exe 8ec138573f2b77cd4a2772d6d2abcc2130ac1d901340505332ce78fc7096622e

  
Dropping
MD5 58bb8131209ea7b68da05fb862fd5873
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 8ec138573f2b77cd4a2772d6d2abcc2130ac1d901340505332ce78fc7096622e

Comments