MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 dcd84eeb92afc4b9a47de6f81beeac8d0fed0c0704ef6519fe3bdcd96516a0f2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: dcd84eeb92afc4b9a47de6f81beeac8d0fed0c0704ef6519fe3bdcd96516a0f2
SHA3-384 hash: f82eef92de1a165793816f5e0b8899b2851718a2089f096c7777e9c6153b7585193c1cd0ba39d3617f8f61a92d158313
SHA1 hash: eb48c6fe8267d13c9d236494a92f3905c5aa97a0
MD5 hash: bd68396a907255a34443536729586b6d
humanhash: triple-beer-low-triple
File name:scan8867.iso
Download: download sample
Signature AgentTesla
Create hunting rule
File size:581'632 bytes
First seen:2020-05-13 11:15:05 UTC
Last seen:Never
File type: iso
MIME type:application/x-iso9660-image
ssdeep 12288:OIZ3Cxw66/MVPO9Rv6GSbVNdJPlRZ4vun:tEg6GSbBJPljsun
TLSH ADC4DF5AF25A9C9AE40971F89875A92212673D597431CB0A78BF31194BB3383CC67F0F
Reporter abuse_ch
Tags:AgentTesla iso


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: dig.digitalminds.co
Sending IP: 50.116.107.39
From: pamela.ojeil@newlookproduction.com
Subject: Enquiry for sample products
Attachment: scan8867.iso (contains "scan8867.exe")

AgentTesla SMTP exfil server:
mail.privateemail.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
78
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.MSIL.Kryptik.VFR-1.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-13 11:37:19 UTC
File Type:
Binary (Archive)
Extracted files:
14
AV detection:
14 of 31 (45.16%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=3tme524sv7cltjd5434bx3vmruh62dahatxwkgp6hponsziwudza._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

iso dcd84eeb92afc4b9a47de6f81beeac8d0fed0c0704ef6519fe3bdcd96516a0f2

(this sample)

AgentTesla

Executable exe 6ca161c6cef800476badba7845b230cb377e09e4da7a6111503eb2f5c45bd3a1

  
Dropping
MD5 09b495b9f0537d2c27bb2c1c4a8312cd
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 6ca161c6cef800476badba7845b230cb377e09e4da7a6111503eb2f5c45bd3a1

Comments