MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fd3212c468c02d5c298193b06adcb3b4f498458b121a64ce56ec0ce98b1caca5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fd3212c468c02d5c298193b06adcb3b4f498458b121a64ce56ec0ce98b1caca5
SHA3-384 hash: eaecda0bf4c7626d2fbd48eb2c753aa0bfac3043b488ed6957ab2a356923a47b4769584eaa463b68d07c41b44bd6e0d0
SHA1 hash: dcced8a5c1e88da55e7ffe399782e654b454849a
MD5 hash: 5a9a2bd0b9db75ea98a6ef21822fcb5c
humanhash: saturn-edward-ack-september
File name:Nueva Orden.img
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'245'184 bytes
First seen:2020-06-20 06:02:59 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 6144:SqvcUEESRiA/K4pr0hvRWQxlClRD0UWBxfC8/u2LNgkGArkbf/PHqgT63:0ni7Vz6nD/WPuVJbf/fA3
TLSH 5945F15E81D88432F916D7BC9CC2251223B8F462ED62F7993F0E63F74B257C08A15A97
Reporter abuse_ch
Tags:AgentTesla img


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mail.lasmercedes.com.ni
Sending IP: 186.1.30.71
From: Costos <costos@lasmercedes.com.ni>
Subject: RE: Nueva consulta / orden de cotizaciĆ³n
Attachment: Nueva Orden.img (contains "Nueva Orden.PDF.exe")

AgentTesla SMTP exfil server:
mail.arigmed.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
79
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.PWS.Siggen2.50946.15075.8374.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-06-20 06:04:05 UTC
AV detection:
17 of 30 (56.67%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=7uzbfrdiyawvykmbsoygvxftwt2jqrmlcingjtsw5qgotcy4vssq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

img fd3212c468c02d5c298193b06adcb3b4f498458b121a64ce56ec0ce98b1caca5

(this sample)

AgentTesla

Executable exe 765d8bb97b56addf0b725b4d289e6a73e8d5d80f74cf694d0831507690cfc8d1

  
Dropping
MD5 0856708235c605f63b0316bcfe1e331b
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 765d8bb97b56addf0b725b4d289e6a73e8d5d80f74cf694d0831507690cfc8d1

Comments