MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ce966f9dd84c3f6a5b1addf2b6d5cb0f385a2d621c5ebe11413757d82a7f277f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ce966f9dd84c3f6a5b1addf2b6d5cb0f385a2d621c5ebe11413757d82a7f277f
SHA3-384 hash: 2cc1ad4b210688894f1e60ffcb0db893df0d25ffd46c7d7d57b641fb94a5e7ba272da18e0a29d86283563c4336012340
SHA1 hash: b7130490caf1b9c74ee0e4c8d400394133fa2fc2
MD5 hash: 03c9749a71587670cef8f32542e0118f
humanhash: johnny-sixteen-saturn-white
File name:Scan0001.iso
Download: download sample
Signature AgentTesla
Create hunting rule
File size:970'752 bytes
First seen:2020-08-04 12:20:47 UTC
Last seen:Never
File type: iso
MIME type:application/x-iso9660-image
ssdeep 12288:Xz7G/lsTGbsiZQfwgZLObQINANWz3O6Ex7FxBwWLtn897iyGtcjTlwGS:XetNafLLOM9QKlNwWRn+7i5tcjTC
TLSH A4256A1FB3AC453FD1A2163D7C3A5EB4482EBE03292C5A46FBE8ED0C4E3467429152D6
Reporter abuse_ch
Tags:AgentTesla iso


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mta1.domainmanager.icu
Sending IP: 185.144.30.165
From: "Mohamed P Jemli" <info@domainmanager.icu>
Subject: RE: Transfer Confirmation 200463237
Attachment: Scan0001.iso (contains "Scan0001.PDF______________________________________________________________________________________________.exe")

AgentTesla SMTP exfil server:
smtp.gdrogroup.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
66
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ce966f9dd84c3f6a5b1addf2b6d5cb0f385a2d621c5ebe11413757d82a7f277f/
Threat name:
Win32.Trojan.Graftor
Create hunting rule
Status:
Malicious
First seen:
2020-08-04 12:22:06 UTC
AV detection:
10 of 48 (20.83%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=z2lg7hoyjq7wuwy23xzlnvolb44fullcdrpl4ekbg5l5qkt7e57q._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/ce966f9dd84c3f6a5b1addf2b6d5cb0f385a2d621c5ebe11413757d82a7f277f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

iso ce966f9dd84c3f6a5b1addf2b6d5cb0f385a2d621c5ebe11413757d82a7f277f

(this sample)

AgentTesla

Executable exe 127670364822f9ec0ec2c9c7270830fdf703f03bbdc95db93b63579f2fc991fd

  
Dropping
MD5 15bca310da4cf0c27861dbe8676b8cf3
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 127670364822f9ec0ec2c9c7270830fdf703f03bbdc95db93b63579f2fc991fd

Comments