MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a17f3a238c2443788ba5b141dd55d2d9ec4d2c172defaf55fae460de5e527482. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a17f3a238c2443788ba5b141dd55d2d9ec4d2c172defaf55fae460de5e527482
SHA3-384 hash: 23d1be27a61d107ff1ff13666c6a63f42cf1392f8801cbd2da71146f65aecfacc1cbbd4323cc1048cbc9853a44a2be37
SHA1 hash: 0d972d6472e2d631571fb95d3ca486b3c70d5b2a
MD5 hash: a1bf91b18f750ce1cfa9aa501520ef51
humanhash: glucose-high-ohio-harry
File name:Outstanding Payment.iso
Download: download sample
Signature AgentTesla
Create hunting rule
File size:577'536 bytes
First seen:2020-06-02 17:13:33 UTC
Last seen:Never
File type: iso
MIME type:application/x-iso9660-image
ssdeep 12288:PJZfomS3ECH/KjwelyysWq0/QZ5yL6TLPe/LCf/NxOLCuM0LGr7:hpom4EiKjUy0041TLPSA
TLSH 6FC4AE9C761172EFC857D472DEA92C68EA5174BB831F5203A02B15EE9B4E887CF141F2
Reporter abuse_ch
Tags:AgentTesla iso


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mx.vvillowood.com
Sending IP: 195.231.64.82
From: Deborah_ Fankhauser <merchant@vvillowood.com>
Subject: Re : OUTSTANDING PAYMENT Transfered #190919
Attachment: Outstanding Payment.iso (contains "Outstanding Payment.exe")

AgentTesla SMTP exfil server:
us2.smtp.mailhostbox.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
61
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Genkryptik
Create hunting rule
Status:
Malicious
First seen:
2020-06-03 03:39:00 UTC
AV detection:
9 of 31 (29.03%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=uf7tui4merbxrc5fwfa52vos3hwe2laxfxx26vp24rqn4xssosba._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

iso a17f3a238c2443788ba5b141dd55d2d9ec4d2c172defaf55fae460de5e527482

(this sample)

AgentTesla

Executable exe ef0e3bf7214ec90fb27255e2da9ffaed76a80f56e807a542fd810587720e01ea

  
Dropping
MD5 b0a4ed2919f62cd6d0f24e74e76a3547
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 ef0e3bf7214ec90fb27255e2da9ffaed76a80f56e807a542fd810587720e01ea

Comments