MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b5ae2bc82a0f0e6ecd9eff9d4dbcd0f8a731d5233f6c540ab1d72af121485344. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b5ae2bc82a0f0e6ecd9eff9d4dbcd0f8a731d5233f6c540ab1d72af121485344
SHA3-384 hash: 65bab914d8aec8c19e6bba3bfe0783a008803bbe91de81fa8f8e86ac5dfb6b1bbe7b0e15c73e53461921a39ba24beffa
SHA1 hash: d2b5e240141d8361d2d87cfe9bbadab42332e8b3
MD5 hash: 0976dde89ad11e03be979ba77aa1fe6b
humanhash: rugby-uranus-july-seventeen
File name:Scan_Documents_93754738243.iso
Download: download sample
Signature AgentTesla
Create hunting rule
File size:536'576 bytes
First seen:2020-04-30 09:39:47 UTC
Last seen:Never
File type: iso
MIME type:application/x-iso9660-image
ssdeep 12288:jxkZlTmWxu2lmsnlY+nl4jO9pP1caZYJXaP3HEWoRji:QYWxZms6eB9R1XZEXaPE7ji
TLSH 7AB4F12222858A0BDA980DF444126314837AAE967567F3DE7CDE31EE1FF37D26589343
Reporter abuse_ch
Tags:AgentTesla iso


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: dobarhosting.com
Sending IP: 78.47.62.128
From: Talha Ayaad <sales@emsolutions.com.au>
Subject: FW: SCAN DOCUMENTS 22700000033832
Attachment: Scan_Documents_93754738243.iso (contains "Scan_Documents_93754738243.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
81
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-01 03:53:47 UTC
File Type:
Binary (Archive)
Extracted files:
12
AV detection:
18 of 31 (58.06%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=wwxcxsbkb4hg5tm676ou3pgq7cttdvjdh5wficvr24vpcikiknca._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

iso b5ae2bc82a0f0e6ecd9eff9d4dbcd0f8a731d5233f6c540ab1d72af121485344

(this sample)

AgentTesla

Executable exe f2af8295bc5013c70ef246c1a732c8e3d783ffb6a7e5112810caf1c24e52adc6

  
Dropping
MD5 565c3133d460d920e6baa74b40b3b9a3
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 f2af8295bc5013c70ef246c1a732c8e3d783ffb6a7e5112810caf1c24e52adc6

Comments