MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ef532b7599eb9bf2fc0b623d8568253e528b0eb8f0d85e93240cb19f3a7319e7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ef532b7599eb9bf2fc0b623d8568253e528b0eb8f0d85e93240cb19f3a7319e7
SHA3-384 hash: cc15c846c9c62ddfecefa3c24133f3f91cb459e9f555d82e7e99888ef0522ee74ea11bcb19c18cb7b7ce3281ddd636f0
SHA1 hash: b2941bda9cd76b3f6ceb7413cd01279108e09406
MD5 hash: af45006bf0bbefe448cfa41eba239e0a
humanhash: wolfram-hot-mike-pluto
File name:ScanNewOrder_IMG.iso
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'310'720 bytes
First seen:2020-05-28 11:37:23 UTC
Last seen:Never
File type: iso
MIME type:application/x-iso9660-image
ssdeep 24576:Wy+QyJA+LlQdgv8E10la4UgahO6trYtE0gQ:Wy+Q2lLWy90cTQsYRgQ
TLSH A0550288B22C7E63DB7D58F88020AC4247B262376596F7CABDCDA0DB0BD7F905651187
Reporter abuse_ch
Tags:AgentTesla iso


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: slot0.tradengco.ga
Sending IP: 85.204.116.219
From: M. Anser Nasir <info@tradengco.ga>
Reply-To: acquisitions.ruswv@aol.com
Subject: Customer enquiry
Attachment: ScanNewOrder_IMG.iso (contains "RYBhrDeMPleUmKN.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
69
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.MSIL.Kryptik.VFR-1.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-28 12:51:53 UTC
File Type:
Binary (Archive)
AV detection:
13 of 31 (41.94%)
Threat level:
  5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

iso ef532b7599eb9bf2fc0b623d8568253e528b0eb8f0d85e93240cb19f3a7319e7

(this sample)

AgentTesla

Executable exe 242f7f6ffaf359eb1b04fdd6fb1dc116066341e80838cc0a9eb8683306a98e80

  
Dropping
MD5 ddcedc6c5eee7ab024355785fdb398d2
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 242f7f6ffaf359eb1b04fdd6fb1dc116066341e80838cc0a9eb8683306a98e80

Comments