MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b40f93b0af8208e0e515509b36c4a63632dd306bd92f1d6214ac540bcd688205. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b40f93b0af8208e0e515509b36c4a63632dd306bd92f1d6214ac540bcd688205
SHA3-384 hash: 3307ed73f4896f73d8169108caa33d80f68b45f4a3ab78c6d3c8a714b699b0915b05447fdbaf5a6982ba52780d2f2f70
SHA1 hash: 9d02c2f3b46bf46731be67543728d8fae1b05c7a
MD5 hash: 0c86a197da8b4ede75e7fac4b6c00f40
humanhash: high-happy-eleven-sierra
File name:New Order.iso
Download: download sample
Signature AgentTesla
Create hunting rule
File size:507'904 bytes
First seen:2020-07-03 08:30:39 UTC
Last seen:Never
File type: iso
MIME type:application/x-iso9660-image
ssdeep 12288:reXagPCBuJRqufCHd6LK/pMVvIRHBdWk:riagPCMJ5bKh2A
TLSH 0EB402315284FE26D06E8EF8A01020201F76651366B3E3DCBECD65E267EB7508E65F97
Reporter abuse_ch
Tags:AgentTesla iso


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: eagle266.startdedicated.com
Sending IP: 69.64.39.14
From: Judy Zhong <sales@hgmetal.com>
Subject: Re: Re: RE: Order
Attachment: New Order.iso (contains "New Order.exe")

AgentTesla SMTP exfil server:
us2.smtp.mailhostbox.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
71
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Generic-EXE.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b40f93b0af8208e0e515509b36c4a63632dd306bd92f1d6214ac540bcd688205/
Threat name:
ByteCode-MSIL.Trojan.Skeeyah
Create hunting rule
Status:
Malicious
First seen:
2020-07-03 08:32:11 UTC
AV detection:
13 of 29 (44.83%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=wqhzhmfpqieobzivkcntnrfggyzn2mdl3exr2yquvrkaxtliqicq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

iso b40f93b0af8208e0e515509b36c4a63632dd306bd92f1d6214ac540bcd688205

(this sample)

AgentTesla

Executable exe 988db21dd029495560fbc35f0286e1dac02759543fef7f6486affdaa6acd6f2e

  
Dropping
MD5 bf4e84dbe1b0bb0f959b3f63bb6aff29
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 988db21dd029495560fbc35f0286e1dac02759543fef7f6486affdaa6acd6f2e

Comments