MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f33ba9f6fe2a3bb6de8131ebf091e0a83ba56cc0caa6447d030acd6f16d4a264. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3



SHA256 hash: f33ba9f6fe2a3bb6de8131ebf091e0a83ba56cc0caa6447d030acd6f16d4a264
SHA3-384 hash: 7f7443b52b63227c6b92857b906556a61622743bcd6e2eee1bc7be2cb706e45b1b62e0d6458609e8beffcd8a07a9dc84
SHA1 hash: e6e53c534e6bd35fd33649c95567e43132c90219
MD5 hash: d6084818142ac73d4e1a82939b173166
humanhash: solar-paris-island-pip
File name: Download_Tracking_Reference.11.05.2020.xlsx.iso
Signature: AgentTesla
File size: 544'768 bytes
First seen: 2020-05-11 08:26:35 UTC
Last seen: Never
File type: iso
MIME type: application/x-iso9660-image
ssdeep: 12288:SqfCik3cRaX0ilogSJFAAF4w+E6y1itSVjIDdO2lxWfCEv:SqfCik3cRaX0ilsAAL+21XV0fx5w
TLSH: CBC4CF0036AD2B7AF0B56BF56AA4A451D3B2706A3466E3AD5CD910CB43F5F41C8A0F37
Reporter: abuse_ch
Tags: AgentTesla DHL iso


abuse_ch
Malspam distributing AgentTesla:

From: DHL EXPRESS <dhlSender@dhl.com>
Subject: DHL EXPRESS SERVICE [YOU HAVE A PACKAGE READY FOR PICKUP]
Attachment: Download_Tracking_Reference.11.05.2020.xlsx.iso (contains "Download_Tracking_Reference.11.05.2020.xlsx.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 75
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Avemaria
Status: Malicious
First seen: 2020-05-11 11:15:13 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 19 of 48 (39.58%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

iso f33ba9f6fe2a3bb6de8131ebf091e0a83ba56cc0caa6447d030acd6f16d4a264 (this sample)

Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
