MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f89f73db67f80f3ea9464fa57830e647b25f4c88f76ccea5ee0ddc005242697f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 3


SHA256 hash: f89f73db67f80f3ea9464fa57830e647b25f4c88f76ccea5ee0ddc005242697f
SHA3-384 hash: f806088cc2b6726bd09d58ea04ad3db99ab92d806e7a9e78eb862612dbbd8925fc95a9d329b5ca50fb929e57d49889ef
SHA1 hash: 3037c8776d21372e10a5e9f023f71574d0cf978b
MD5 hash: d31e253435b150ed7b3927ad34fca291
humanhash: idaho-vermont-tango-echo
File name: G.P DE SILVA list of newly spices.pdf.iso
Signature: AgentTesla
File size: 1'591'296 bytes
First seen: 2020-06-02 07:12:18 UTC
Last seen: Never
File type: iso
MIME type: application/x-iso9660-image
ssdeep: 24576:Itb20pkaCqT5TBWgNQ7a5cuvcUSFJA1uf7vLfwqP9Vjfr/zpGjtpS6A:RVg5tQ7a5TdunTjDz4m5
TLSH: CA75BF12339F8A60EE7D3133791577116D6BE8140564F4BB2FBB8B38A7101A14E3A76B
Reporter: abuse_ch
Tags: AgentTesla iso


abuse_ch
Malspam distributing AgentTesla:

HELO: mail.aduamerica.pe
Sending IP: 198.1.66.95
From: Stephanie Ramirez <stephanie@grupocanela.net>
Subject: G.P. DE SILVA SPICES LIST OF NEW SPICES
Attachment: G.P DE SILVA list of newly spices.pdf.iso (contains "G.P DE SILVA list of newly spices.pdf.exe")

AgentTesla SMTP exfil server:
mail.apipharrnatech.com:587
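What the reporter's note describes, an ISO attachment whose long file name ends in ".pdf.exe", can be checked without mounting the image. The Python script below is an added example and is not code from MalwareBazaar or from the reporter: it walks the ISO 9660 volume descriptor set, lists the files in the primary and Joliet directory trees (the Joliet tree carries the long name Windows shows the victim), and flags executables wearing a decoy document extension. The image it parses by default is constructed inside build_sample_iso() with a placeholder stub in place of the real payload, and the extension lists are the example's own assumptions, not a published list. Pass a path as the first argument to run it against a real .iso.

```python
"""Triage an ISO 9660 attachment without mounting it: list the files it carries (ISO 9660 primary
and Joliet long names) and flag executables behind a decoy extension such as ".pdf.exe"."""
import struct
import sys

SECTOR = 2048
EXEC_EXT = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "jse", "vbs", "vbe", "wsf", "hta", "lnk", "ps1"}  # assumed list
DECOY_EXT = {"pdf", "doc", "docx", "xls", "xlsx", "ppt", "pptx", "txt", "rtf", "csv", "jpg", "png"}  # assumed list

def _records(image, extent, length):
    """Yield (raw_name, flags, extent, size) for each record of one directory extent."""
    data = image[extent * SECTOR: extent * SECTOR + length]
    pos = 0
    while pos < len(data):
        rec_len = data[pos]
        if rec_len == 0:                              # zero length = padding up to the next sector
            pos = (pos // SECTOR + 1) * SECTOR
            continue
        rec = data[pos: pos + rec_len]
        ext, size = struct.unpack_from("<I4xI", rec, 2)   # LE halves of the both-endian extent/size fields
        name = rec[33: 33 + rec[32]]
        if name not in (b"\x00", b"\x01"):            # skip "." and ".."
            yield name, rec[25], ext, size
        pos += rec_len

def _walk_dir(image, extent, length, utf16, prefix=""):
    """Recursively map path -> size below one directory extent."""
    out = {}
    for raw, flags, ext, size in _records(image, extent, length):
        name = raw.decode("utf-16-be") if utf16 else raw.decode("latin-1").split(";")[0]
        if flags & 0x02:                              # bit 1 = directory
            out.update(_walk_dir(image, ext, size, utf16, prefix + name + "/"))
        else:
            out[prefix + name] = size
    return out

def list_iso(image):
    """Return {path: size}; Joliet names win because that is what Explorer shows the victim."""
    primary, joliet = {}, None
    for sec in range(16, 64):                         # volume descriptor set starts at sector 16
        vd = image[sec * SECTOR:(sec + 1) * SECTOR]
        if len(vd) < SECTOR or vd[1:6] != b"CD001" or vd[0] == 255:
            break                                     # type 255 terminates the set
        root_ext, root_len = struct.unpack_from("<I4xI", vd, 158)   # root dir record sits at offset 156
        if vd[0] == 1:
            primary = _walk_dir(image, root_ext, root_len, utf16=False)
        elif vd[0] == 2 and vd[88:91] in (b"%/@", b"%/C", b"%/E"):   # Joliet escape sequences
            joliet = _walk_dir(image, root_ext, root_len, utf16=True)
    return joliet if joliet is not None else primary

def suspicious(files):
    """Flag executables; call out the ones wearing a document-style decoy extension."""
    hits = []
    for path in files:
        parts = path.rsplit("/", 1)[-1].lower().split(".")
        if len(parts) >= 2 and parts[-1] in EXEC_EXT:
            decoy = len(parts) >= 3 and parts[-2] in DECOY_EXT
            hits.append((path, "double-extension executable" if decoy else "executable"))
    return hits

def _dir_record(name, extent, size, flags=0):
    """Minimal ECMA-119 directory record (both-endian fields, padded to an even length)."""
    rec = bytearray(32)
    rec[2:10] = struct.pack("<I", extent) + struct.pack(">I", extent)
    rec[10:18] = struct.pack("<I", size) + struct.pack(">I", size)
    rec[25] = flags
    rec += bytes([len(name)]) + name + (b"\x00" if len(name) % 2 == 0 else b"")
    rec[0] = len(rec)
    return bytes(rec)

def _volume_descriptor(vtype, root_rec, escape=b""):
    vd = bytearray(SECTOR)
    vd[0], vd[1:6], vd[6] = vtype, b"CD001", 1
    vd[88:88 + len(escape)] = escape
    vd[156:156 + len(root_rec)] = root_rec
    return bytes(vd)

def build_sample_iso():
    """Constructed image mimicking this page's lure. Sectors: 16 PVD, 17 Joliet SVD, 18 terminator,
    19 primary root dir, 20 Joliet root dir, 21 file data (a placeholder stub, not a real PE)."""
    payload = b"MZ" + b"\x00" * 62
    lure = "G.P DE SILVA list of newly spices.pdf.exe"
    prim = _dir_record(b"G_P_DE_S.EXE;1", 21, len(payload))        # 8.3 name the primary tree shows
    jol = _dir_record(lure.encode("utf-16-be"), 21, len(payload))  # long name the Joliet tree shows
    img = bytearray(SECTOR * 22)
    img[16 * SECTOR:17 * SECTOR] = _volume_descriptor(1, _dir_record(b"\x00", 19, SECTOR, 2))
    img[17 * SECTOR:18 * SECTOR] = _volume_descriptor(2, _dir_record(b"\x00", 20, SECTOR, 2), b"%/E")
    img[18 * SECTOR:18 * SECTOR + 7] = b"\xffCD001\x01"
    img[19 * SECTOR:19 * SECTOR + len(prim)] = prim
    img[20 * SECTOR:20 * SECTOR + len(jol)] = jol
    img[21 * SECTOR:21 * SECTOR + len(payload)] = payload
    return bytes(img)

if __name__ == "__main__":
    files = list_iso(open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_iso())
    for path, why in suspicious(files):
        print(f"SUSPICIOUS ({why}): {path}")
```

The parser reads only the little-endian half of each both-endian field and ignores Rock Ridge extensions, which is enough for triage; a name that differs between the primary and Joliet trees (an 8.3 ".EXE" beside a long ".pdf.exe") is itself a useful signal, so compare both trees when a sample looks evasive.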

Intelligence


File Origin
# of uploads: 1
# of downloads: 66
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-06-03 02:46:00 UTC
File Type: Binary (Archive)
Extracted files: 12
AV detection: 13 of 31 (41.94%)
Threat level: 5/5

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery: Malspam
Signature: AgentTesla
Sample: iso f89f73db67f80f3ea9464fa57830e647b25f4c88f76ccea5ee0ddc005242697f (this sample)
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
