MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d029e28eba1b1b452af0e14d7774454f7eb361edbed48d3cbc61945c7c7af1ec. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d029e28eba1b1b452af0e14d7774454f7eb361edbed48d3cbc61945c7c7af1ec
SHA3-384 hash: a4a223f0a15cf3e6206a87f4063f01ec9431bb4ab1e5a40b2d7b1ad9e3a951948bd91d5f46033047376a56d47b208c4b
SHA1 hash: 6d31af052076dde88115a16939af7e31485f63ee
MD5 hash: a88a17ad363fa3f5731186de9de1aeeb
humanhash: jig-magazine-nevada-autumn
File name:POBA205783.IMG
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'835'008 bytes
First seen:2020-07-28 14:12:54 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 24576:1Kba++us91MCh/EORfdn1+YwutF7BoHk0wB:1Kba84FRfK1uf7BCw
TLSH EC856B192540560ED23F963464AAD9F02273E186BF21CA2F2DDFC75B5F812EE368705B
Reporter abuse_ch
Tags:AgentTesla img


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mail.24january.ro
Sending IP: 5.2.182.144
From: "Pavel SÎRBU" <psirbu@basadoro.md>@mail.24january.ro
Subject: BASADORO AGRATEH S.R.L.: Pre Season PO:BA205783
Attachment: POBA205783.IMG (contains "POBA205783.exe")

AgentTesla SMTP exfil server:
smtp.yandex.ru:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
64
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.PWS.Siggen2.52692.30480.23910.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d029e28eba1b1b452af0e14d7774454f7eb361edbed48d3cbc61945c7c7af1ec/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-07-28 14:14:10 UTC
AV detection:
16 of 28 (57.14%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=2au6fdv2dmnukkxq4fgxo5cfj57lgypnx3ki2pf4mgkfy7d26hwa._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

img d029e28eba1b1b452af0e14d7774454f7eb361edbed48d3cbc61945c7c7af1ec

(this sample)

AgentTesla

Executable exe ecec6bc15469d091bef2e4d0e0c541cac2dfcb8b21f5af5347327caa7159c97d

  
Dropping
MD5 9e343e02b5cc10670c3e685258397c72
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 ecec6bc15469d091bef2e4d0e0c541cac2dfcb8b21f5af5347327caa7159c97d

Comments