MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b7af469687fdc36a3c87ead1e8aed8192130e765f930eebabfca457a9a395daa. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b7af469687fdc36a3c87ead1e8aed8192130e765f930eebabfca457a9a395daa
SHA3-384 hash: fe40d739a859f8b7c058d989a5334eae403dbae6a61b42673c1f82a2065bd1ec9fb2634ef9bef8fbcb03d512b74d6b69
SHA1 hash: 44ff307bbfe230a7eb1f885b0f036f1e03821458
MD5 hash: e39260002554448cba7e2d8ad8a95c0f
humanhash: bulldog-april-autumn-california
File name:overdue invoice.iso
Download: download sample
Signature AgentTesla
Create hunting rule
File size:499'712 bytes
First seen:2020-06-16 11:37:03 UTC
Last seen:Never
File type: iso
MIME type:application/x-iso9660-image
ssdeep 6144:qaU/sghDdAaAlU8hjHMRdMRDGv/fu+Kb8XgBLh7tYhDr7SgWmD0gGm0lK4s:qaXyD3AlUMOaYXfeqwLdk7SG0m94
TLSH 02B41258638C5325D63D677D85E0291003FBB0233932D75E7D8C3AABABA37D15902BA7
Reporter abuse_ch
Tags:AgentTesla iso


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: grupoimebur.com
Sending IP: 193.142.59.89
From: Gerrard Meek<admingerrard@grupoimebur.com>
Subject: LIBERACIÓN DE PAGOS VENCIDOS
Attachment: overdue invoice.iso (contains "makeve crypted.exe")

AgentTesla SMTP exfil server:
makaveorigin.cf:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
63
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Generic.mg.4a806c6ffed2bc93.30002.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-06-16 11:39:03 UTC
AV detection:
19 of 31 (61.29%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=w6xunfuh7xbwupeh5li6rlwydeqtbz3f7eyo5ov7zjcxvgrzlwva._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

iso b7af469687fdc36a3c87ead1e8aed8192130e765f930eebabfca457a9a395daa

(this sample)

AgentTesla

Executable exe fc0baaddb45b01c001d06f6d819cdc37c1df3e210508eb1e71d365a696d37144

  
Dropping
MD5 543d8f5a488acff94bc01c9e74ec3786
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 fc0baaddb45b01c001d06f6d819cdc37c1df3e210508eb1e71d365a696d37144

Comments