MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e74845060e571f036fb575fbcfa279bff947e46511b73c938ffeed0c7b5241a3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 2



SHA256 hash: e74845060e571f036fb575fbcfa279bff947e46511b73c938ffeed0c7b5241a3
SHA3-384 hash: 2f27df2f943c1adc14540bbe8d02039627632e7046c64bb811a6ba9781faf50cf457ffdd785a2a38384c5eb77c5e74ba
SHA1 hash: 8cf4b71690b5cd3033be8a412175b07b8c4b117b
MD5 hash: 3949c1b2d06085825cb773d5ee1bb8b0
humanhash: oven-zulu-early-hawaii
File name: Ultra Authorization doc. 30032020.pdf.iso
Signature: AgentTesla
File size: 1'693'696 bytes
First seen: 2020-05-28 11:42:30 UTC
Last seen: Never
File type: iso
MIME type: application/x-iso9660-image
ssdeep: 24576:qtb20pkaCqT5TBWgNQ7auVFgm+7ATBuzvgtFwDELHhL1loYByfDNk6A:XVg5tQ7auV2DATBK1KH/lPMf25
TLSH: 8875DF13239D8264C3BE51737A1573016E7BFC2535A5FCBB2F98D93CAA201215E0A66F
Reporter: abuse_ch
Tags: AgentTesla iso


abuse_ch
Malspam distributing AgentTesla:

HELO: cpns3.citechco.net
Sending IP: 203.191.33.193
From: Andrew Yang crystal <crystal_ong@sungreen-asia.com>
Subject: FW: Swift Payment Copy - Incorrect Bank Details provided
Attachment: Ultra Authorization doc. 30032020.pdf.iso (contains "Ultra Authorization doc. 30032020.pdf.scr")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 69
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-28 12:51:54 UTC
File Type: Binary (Archive)
Extracted files: 12
AV detection: 14 of 30 (46.67%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  AgentTesla
    iso e74845060e571f036fb575fbcfa279bff947e46511b73c938ffeed0c7b5241a3 (this sample)
      Dropping: AgentTesla

Delivery method: Distributed via e-mail attachment

Comments