MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b5a59089ac0b56ed7260fde4f4ccc0a55a1ad26b0dcde8816ca6ae0a4c86074e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b5a59089ac0b56ed7260fde4f4ccc0a55a1ad26b0dcde8816ca6ae0a4c86074e
SHA3-384 hash: aa7d39fdb517f8f900933bf352460419fd444812990a3b779676c7995f0ce1d914ce691543f440cc45365e2b663d1452
SHA1 hash: a1dd40d210b819867c2a43165103e99bdee0ca31
MD5 hash: 458df4a5388ebb47e7aed746e960f63f
humanhash: beryllium-green-friend-victor
File name:KSK P.O. 4209.iso
Download: download sample
Signature AgentTesla
Create hunting rule
File size:575'488 bytes
First seen:2020-05-26 10:46:47 UTC
Last seen:Never
File type: iso
MIME type:application/x-iso9660-image
ssdeep 12288:QTrcWiaDS6VfuR+BAf1M+dC7HgSvb2lM6q9plZDaK8ZLpOvWd3NKs6:QTIFslFY+c1M+gJZ
TLSH BFC4BE9C3610B2EFC45BC976DAA41C24AA61B477571BD343B01B12AC9B0E69BCF116F3
Reporter abuse_ch
Tags:AgentTesla iso


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: host21.axxesslocal.co.za
Sending IP: 197.242.148.137
From: Erik smeyers <ros@rancamaya.com>
Subject: KSK P.O. #4209 (JAPAN)
Attachment: KSK P.O. 4209.iso (contains "KSK P.O. #4209.exe")

AgentTesla SMTP exfil server:
smtp.ociii.net:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
57
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-26 12:59:59 UTC
File Type:
Binary (Archive)
Extracted files:
8
AV detection:
18 of 31 (58.06%)
Threat level:
  2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

iso b5a59089ac0b56ed7260fde4f4ccc0a55a1ad26b0dcde8816ca6ae0a4c86074e

(this sample)

AgentTesla

Executable exe 0c5dc88bb682a7d7a2a94c0a5da41ee4133888d2d67c1ace65dce27561dadad2

  
Dropping
MD5 e1181cf8c4a460c6ef0b32964e936003
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 0c5dc88bb682a7d7a2a94c0a5da41ee4133888d2d67c1ace65dce27561dadad2

Comments