MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f9c0b4a9053ac232848c8a3edfcf2e0c206966e37d6c945e638a043076f600fe. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f9c0b4a9053ac232848c8a3edfcf2e0c206966e37d6c945e638a043076f600fe
SHA3-384 hash: a56b17cfc18dde252bab1d66ad96f1e67ea0677791f365be78e6b8cd15225acfac5464f68269ff5877e035e12e8f58f1
SHA1 hash: 0393863d68316ab09685a362a3dcb0c84dd48b67
MD5 hash: ea68a11c59a5cb339f89f823384c4aba
humanhash: venus-missouri-blossom-oklahoma
File name:jucio_4357374927428947.img
Download: download sample
Signature AgentTesla
Create hunting rule
File size:2'949'120 bytes
First seen:2020-05-13 06:39:35 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 24576:sA+nObsAH2awhmIGH6q5MyZTpmK9OEkOrdz:0CP6GH6YMamK9X
TLSH 2AD519A2B4418449D86707F1442A9A9461B32F8C36E5860EB0BF77167FF3347266ADCF
Reporter abuse_ch
Tags:AgentTesla img


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mx1uk.supremebox.com
Sending IP: 46.249.205.210
From: Monica Deifilia Robalino Coello <info@citahealth.org>
Subject: Jucio No: 02305202000068GP
Attachment: jucio_4357374927428947.img (contains "jucio_43573749274289472642879482478274294782489287492847928492749892427848.scr")

AgentTesla SMTP exfil server:
mail.jrnjcpa.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
83
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-13 18:51:50 UTC
File Type:
Binary (Archive)
Extracted files:
16
AV detection:
14 of 31 (45.16%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=7haljkifhlbdfbemri7n7tzobqqgszxdpvwjixtdricda5xwad7a._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

img f9c0b4a9053ac232848c8a3edfcf2e0c206966e37d6c945e638a043076f600fe

(this sample)

AgentTesla

Executable exe aadeefdff2d2e15548eebcc0d510784f7ba79aaeee9615b3705f30b60b352e5b

  
Dropping
MD5 4889e2563e0f5d6528ea101b6a7eca24
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 aadeefdff2d2e15548eebcc0d510784f7ba79aaeee9615b3705f30b60b352e5b

Comments