MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cfbcaca8da7e518b8f3020f2a5c65d428ceeff0e3419cf993a544ef2db6c7734. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: cfbcaca8da7e518b8f3020f2a5c65d428ceeff0e3419cf993a544ef2db6c7734
SHA3-384 hash: aa2c275ee8be3bb52bed69af1125923c77a18d289b145c3380d825d0ac00a6e261494d39593d3b9ef5a44d2ca2cde4e2
SHA1 hash: 979018c02c1ea3cb4244bbe8d136a31b1fc1e56b
MD5 hash: 6adb8ba9531b497dcdd149831ed99d41
humanhash: arkansas-bakerloo-uranus-chicken
File name:Urgent Shipping Documents.iso
Download: download sample
Signature AgentTesla
Create hunting rule
File size:727'040 bytes
First seen:2020-06-12 06:37:45 UTC
Last seen:Never
File type: iso
MIME type:application/x-iso9660-image
ssdeep 12288:VaUB6VEt6hY2b8w0rUSzK3qITKhW+v9pxLtT1CN:JB6NhdbX0rUSzK3qIT9eVL51C
TLSH 58F45B3A7A896801D53D067250E5669066B3B5433E52CB0F3DDE67ACAF033CF6B0539A
Reporter abuse_ch
Tags:AgentTesla DHL iso


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: slot0.orlonvalves.com
Sending IP: 134.122.56.7
From: DHL | Express Shipping <info@orlonvalves.com>
Subject: Urgent: Shipping Documents
Attachment: Urgent Shipping Documents.iso (contains "Urgent Shipping Documents.exe")

AgentTesla SMTP exfil server:
smtp.yandex.ru:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
68
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.GenericKDZ.67575.6294.14591.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-06-12 06:39:08 UTC
AV detection:
12 of 28 (42.86%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=z66kzkg2pziyxdzqedzklrs5ikgo57yogqm47gj2krhpfw3mo42a._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

iso cfbcaca8da7e518b8f3020f2a5c65d428ceeff0e3419cf993a544ef2db6c7734

(this sample)

AgentTesla

Executable exe 71a70df5c7c67027b1dbb0f8681d0d2777aae7e86e1cbf6a6373b1b379b55a89

  
Dropping
MD5 6d2d64ef7fb4d089ee548bd5c40a95ef
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 71a70df5c7c67027b1dbb0f8681d0d2777aae7e86e1cbf6a6373b1b379b55a89

Comments