MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b2cc043ed0644338e5549282fc0b292e62d7ed736428556bfc9a6a2e2d870c4f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b2cc043ed0644338e5549282fc0b292e62d7ed736428556bfc9a6a2e2d870c4f
SHA3-384 hash: 9524e3e52660b4093ffc63bb9a612385b35ebd70af12a2464d1b7f9f9c56e3d139c0b62713251a0c889562a5b6bd42ce
SHA1 hash: 697d4772fb8a56a52c0e73eb5fb156ee8d9a4c30
MD5 hash: 8ae4b98b3f94b3aeb7a9fc3c8f8763b8
humanhash: minnesota-fruit-happy-snake
File name:P.O.405576.img
Download: download sample
Signature AgentTesla
Create hunting rule
File size:2'097'152 bytes
First seen:2020-04-30 12:11:17 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 24576:+AHnh+eWsN3skA4RV1Hom2KXMmHa4WV1q9l3OaOmJ/JIx+CVPKfQ5:ph+ZkldoPK8Ya4mQl+nmJ4/VPKO
TLSH 25A5BE0263B18427FEAEB1735B55B201A678E8143323CDEF12B8E97869711E1177D36B
Reporter abuse_ch
Tags:AgentTesla img


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mail.strongmailvault.com
Sending IP: 111.90.144.212
From: ref@intertach-group.com
Subject: P.O. 405576
Attachment: P.O.405576.img (contains "P.O.405576.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
82
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27686.AidExe.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.AIT.Trojan.Nymeria.1583.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-04-30 12:37:14 UTC
File Type:
Binary (Archive)
Extracted files:
12
AV detection:
19 of 31 (61.29%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=wlgaipwqmrbtrzkuskbpyczjfzrnp3ltmqufk274tjvc4lmhbrhq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

img b2cc043ed0644338e5549282fc0b292e62d7ed736428556bfc9a6a2e2d870c4f

(this sample)

AgentTesla

Executable exe bfd48afd0b518be91820b2d431b4499699358e50bd0d23b9c78c476bf0783a11

  
Dropping
MD5 3045b140534661e6707423388471d30a
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 bfd48afd0b518be91820b2d431b4499699358e50bd0d23b9c78c476bf0783a11

Comments