MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fa10b5d4637732a13019ee6dc98a44a3e706368aed778a1a645b8cbfbbc50197. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fa10b5d4637732a13019ee6dc98a44a3e706368aed778a1a645b8cbfbbc50197
SHA3-384 hash: 6f2bbc56f018e409734b0412055ea3fdfeb2dad0da6308991b7413f431ea1b9ce8f60204d6d92fbff3767925bc7708ce
SHA1 hash: 96fcd5ead3903508144fb38d50ef9cf51c4665eb
MD5 hash: fcc99b27470fdc100e43f8f6e3064dfc
humanhash: aspen-autumn-grey-two
File name:print-out. Payments. TRN 100098947806003.img
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'441'792 bytes
First seen:2020-06-04 07:05:20 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 12288:r7ZcJfw4zj1q1hvdn52DKeAzu4IqHu81km92RyCXl55G97M+S9mZ0+u/fG2QGkFz:Rj2ZqRM+e/fHQoBK4OPw
TLSH 6A6506983E147DDEC87BD0B289581F64AE50EC76431A5D0A60F731A9DA3CEC79ED40E2
Reporter abuse_ch
Tags:AgentTesla img


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: bomgim.com
Sending IP: 103.133.110.140
From: bhiwandi@bomgim.com
Subject: Payment Advice -Swift Transfer (127)ProCredit Bank Copy
Attachment: print-out. Payments. TRN 100098947806003.img (contains "print-out Payments TRN 100098947806003.exe")

AgentTesla SMTP exfil server:
mail.asplparts.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
59
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-06-03 23:44:37 UTC
AV detection:
13 of 31 (41.94%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=7iillvddo4zkcmaz5zw4tcseuptqmnuk5v3yugtelogl7o6faglq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

img fa10b5d4637732a13019ee6dc98a44a3e706368aed778a1a645b8cbfbbc50197

(this sample)

AgentTesla

Executable exe ac6059835dff236452027450749d077775411e277447a711e5f53bea47262821

  
Dropping
MD5 ab60543c0aef82920643ca4ac2423462
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 ac6059835dff236452027450749d077775411e277447a711e5f53bea47262821

Comments