MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f0d2d9da576153363d789d0751124594a9edf52ea54f0078ff71ce0b827cba44. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 4



SHA256 hash: f0d2d9da576153363d789d0751124594a9edf52ea54f0078ff71ce0b827cba44
SHA3-384 hash: a74bb6fe0efa79f664bc501875f954d04636ef40e9aa44ebfa4f98c5f48b21c090105e7da8ea7f62a84747431d165aaa
SHA1 hash: c88fd9d533fadfcce37829cabfa70a40a6b687ec
MD5 hash: df306dc724272277ca50ad5d7bd81540
humanhash: king-fourteen-august-football
File name: ADNOC RFQ 978002410_scanned from a xerox multifunctional device007.img
Signature: AgentTesla
File size: 1'441'792 bytes
First seen: 2020-08-14 09:36:59 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 24576:gdzqFYNs4c03+l03++LLqxj63Ffg3qQCcpe9UUIwmBmZ:pYS03+l03+6GxjUFf+CcQ9UUfCmZ
TLSH: 9B65BE5023D5446FE5667A348E32571802767C966A39C2C93ACF32CF9D3D3EE8B1076A
Reporter: abuse_ch
Tags: AgentTesla img


abuse_ch
Malspam distributing AgentTesla:

HELO: vzy0.laminopo.ga
Sending IP: 165.232.74.136
From: Ali Mohamed Al Suwaidi (ADNOC - C&CM) <aalsuwaid2@adnoc.ae>
Subject: Final Reminder: ADNOC RFQ 978002410 - Products Supplies Needed
Attachment: ADNOC RFQ 978002410_scanned from a xerox multifunctional device007.img (contains "ADNOC RFQ 978002410_scanned from a xerox multifunctional device007.exe")

AgentTesla SMTP exfil server:
smtp.strongpetrochem-com.me:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 58
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Taskun
Status: Suspicious
First seen: 2020-08-14 09:38:08 UTC
AV detection: 13 of 46 (28.26%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

img f0d2d9da576153363d789d0751124594a9edf52ea54f0078ff71ce0b827cba44

(this sample)

  
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
