MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c408307584892b15f2b14725779d357abeb0ec4bc7b2262deccb54c013be74c1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c408307584892b15f2b14725779d357abeb0ec4bc7b2262deccb54c013be74c1
SHA3-384 hash: 91eb1e3ab5d138527b5fb63cdf1f1f7ce676253d8df1e57fdabfc88f03ca118ba9d7e8b2f8e22f8507b12ab5a3dfaff9
SHA1 hash: 884edc6c6bf0c7b5181d69047a8c92608903591e
MD5 hash: ff938031ff59ef3b6799fb9355df0510
humanhash: robert-mars-sweet-papa
File name:PO 2207-2013-31623-AC.iso
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'652'736 bytes
First seen:2020-05-28 06:11:20 UTC
Last seen:Never
File type: iso
MIME type:application/x-iso9660-image
ssdeep 24576:3tb20pkaCqT5TBWgNQ7aBDFgm+IrPcGbCk9qNRemYM6A:0Vg5tQ7aBD2wcqCEqNRp15
TLSH 7875E02273DD8364C7B252737A16B7016EBB7C2506B1F46B2FD8393CAA70161521EB63
Reporter abuse_ch
Tags:AgentTesla iso


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: canaanengg.com
Sending IP: 45.11.19.32
From: PURCHASE <purchase@canaanengg.com>
Subject: Purchase Order 2207-2013-31623-AC for June /Dec Supply
Attachment: PO 2207-2013-31623-AC.iso (contains "PO 2207-2013-31623-AC.scr")

AgentTesla SMTP exfil server:
us2.smtp.mailhostbox.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
64
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27686.AidExe.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.27681.XorExe.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.PSW.Agent.BORA.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Geniso
Create hunting rule
Status:
Malicious
First seen:
2020-05-28 00:05:31 UTC
File Type:
Binary (Archive)
Extracted files:
17
AV detection:
13 of 31 (41.94%)
Threat level:
  5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

iso c408307584892b15f2b14725779d357abeb0ec4bc7b2262deccb54c013be74c1

(this sample)

AgentTesla

Executable exe f7874f0fbf38ca0f147b393300b4349e00a35f84bee132f856e2d08a60ee8e89

  
Dropping
MD5 d43f575a5d9dcfe571a0c144f2fc5f02
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 f7874f0fbf38ca0f147b393300b4349e00a35f84bee132f856e2d08a60ee8e89

Comments