MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c799889c7eb24ce69168ae7965a164fb0547a25b52b3f36f33bde53bf2f916b3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 4



SHA256 hash: c799889c7eb24ce69168ae7965a164fb0547a25b52b3f36f33bde53bf2f916b3
SHA3-384 hash: ebf84ef7f3e60785b28cd9214f39381252198c02f0683cc9ae71405ce0b32bf62fd6b8d74b5bf94494c933b6084c5b8f
SHA1 hash: f575537db55cb3a3851dfc3917c447fa51c2a44e
MD5 hash: 94c550fcf94d4361d562ace9aeb83a13
humanhash: connecticut-lake-single-zebra
File name: SKM-CA1007384Pdf.img
Signature: AgentTesla
File size: 1'245'184 bytes
First seen: 2020-08-14 10:34:46 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 12288:lgr/GExLfIZXd7hqg9cirVTADH3eQarlloVEpy1Ur3:3ExjKddqgvNwH3IrDzy1
TLSH: 4745CF3522985B52F03EA7BC5670111003F2A866D737EE4EFEB902EA0E66BD04777716
Reporter: abuse_ch
Tags: AgentTesla img


abuse_ch
Malspam distributing AgentTesla:

HELO: regular1.263xmail.com
Sending IP: 211.150.70.203
From: info <pepsontoys3@pepsontoys.com>
Subject: Re: inquiry
Attachment: SKM-CA1007384Pdf.img (contains "SKM-CA1007384Pdf.exe")

AgentTesla SMTP exfil server:
mail.dogulumetal.com:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 59
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.LokiSteal
Status: Malicious
First seen: 2020-08-14 10:36:08 UTC
AV detection: 12 of 47 (25.53%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: AgentTesla, img c799889c7eb24ce69168ae7965a164fb0547a25b52b3f36f33bde53bf2f916b3 (this sample)
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment

Comments