MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f17529fa89fe55728e6e6204f78cdc50679f910177d01c4395924391f8b914f4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f17529fa89fe55728e6e6204f78cdc50679f910177d01c4395924391f8b914f4
SHA3-384 hash: 38f552e5132b46d77c3ff33f1bdcf50933ad8e554956566a0e4e236a11599ba2aaf1453277ef92e82e678dc0103e0bf6
SHA1 hash: 28bf58c4c5dd60a5501f9e27965aae80708bd9ab
MD5 hash: 4faf64ae2ad1bde6bc240acbafff5ed3
humanhash: april-kilo-mockingbird-lactose
File name:Neworder-Inquiry1009362.img
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'245'184 bytes
First seen:2020-07-21 07:26:20 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 12288:TfzG3WA4wLgbmVqBA/OKlyioVCY2Cd0IqJK9L:7zv5wcbmVjiigmUqJg
TLSH AE459D10D7B84AD9E3BA53BCE870010487B4B50AA7FAE7591B86F0ED1922711DB13F67
Reporter abuse_ch
Tags:AgentTesla img


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mfwd28.mailplug.co.kr
Sending IP: 14.63.195.62
From: 한국종합기계 <hangook@hangook101.com>
Subject: New Order INQUIRY 1009362
Attachment: Neworder-Inquiry1009362.img (contains "Order1087240pdf.exe")

AgentTesla SMTP exfil server:
webmail.saritatravels.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
65
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.MSIL.Kryptik.WYG.30445.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f17529fa89fe55728e6e6204f78cdc50679f910177d01c4395924391f8b914f4/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-07-21 07:28:09 UTC
AV detection:
15 of 29 (51.72%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=6f2st6uj7zkxfdtomicppdg4kbtz7eibo7ibyq4vsjbzd6fzct2a._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/f17529fa89fe55728e6e6204f78cdc50679f910177d01c4395924391f8b914f4

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

img f17529fa89fe55728e6e6204f78cdc50679f910177d01c4395924391f8b914f4

(this sample)

AgentTesla

Executable exe f1677cc4e344449edc0f1aee639dd24fedd8a91bf17b4be11e3b71543bac301e

  
Dropping
MD5 eca7c987418ed08b28e1f61ed404cac0
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 f1677cc4e344449edc0f1aee639dd24fedd8a91bf17b4be11e3b71543bac301e

Comments