MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 da713f02e7044a3b63ea9a30006db81ba4577d87b0611aa95205be1df742aea1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: da713f02e7044a3b63ea9a30006db81ba4577d87b0611aa95205be1df742aea1
SHA3-384 hash: cc97b7649e032dfd41c5f5f6b0c20b10c670ed27dfffc6a14f06aba4f5d4bb95d2a685b904e9627d9b9dac8651fd87bb
SHA1 hash: 6b79644051ba3065d7b9ee5a9b6921ada90c24df
MD5 hash: 9207699851aef20c5bd98ff9bc8c44b6
humanhash: alpha-victor-johnny-foxtrot
File name:New PO JINDAL GROUP JUNE SUPPLIES.img
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'310'720 bytes
First seen:2020-06-03 08:06:54 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 12288:PdoRpzi2R5lTHxYYRxFTv4FPkmQF6gXJgiDOUJ1E41kFZSz3NT7vw+yMogpl2:AzVLTHmYRTWK7XJgep
TLSH 19556D59336072EEFB72E4F2DD5C2E24E520ECFF8A46B80A5313396B561C452DA36076
Reporter abuse_ch
Tags:AgentTesla img


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: jindelgroup.com
Sending IP: 103.133.105.20
From: Amit Bilal <jindal_export@jindelgroup.com>
Subject: JINDAL NEW ORDER JUNE SUPPLY
Attachment: New PO JINDAL GROUP JUNE SUPPLIES.img (contains "New PO JINDAL GROUP JUNE SUPPLIES.exe")

AgentTesla SMTP exfil server:
mail.ilclaw.com.ph:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
60
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Genkryptik
Create hunting rule
Status:
Malicious
First seen:
2020-06-04 00:33:00 UTC
AV detection:
14 of 31 (45.16%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=3jyt6axharfdwy7ktiyaa3nydosfo7mhwbqrvkksaw7b352cv2qq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

img da713f02e7044a3b63ea9a30006db81ba4577d87b0611aa95205be1df742aea1

(this sample)

AgentTesla

Executable exe bd0942599a238c4cdc3c2da9351ce62e14e6a212513ddd66b9da598fb35dcbf2

  
Dropping
MD5 56691af2924510627ff5ebfebbf34ae6
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 bd0942599a238c4cdc3c2da9351ce62e14e6a212513ddd66b9da598fb35dcbf2

Comments