MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fde1115c876ed7b66cd2232ce88d67862120bb6435accfb55d5c5c310a4cc884. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fde1115c876ed7b66cd2232ce88d67862120bb6435accfb55d5c5c310a4cc884
SHA3-384 hash: af486247e07c0430c121302e16d0c5d6932dfad672a16ddc271440919daab04006880b7a2d5362afdaf46807793698e4
SHA1 hash: e3a00125eddb0886206d677a17b0593f78acfbb2
MD5 hash: 42904a415aebd77c2b09b1f1ac29c5a5
humanhash: tango-double-eleven-iowa
File name:Docs.Scan.img
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'245'184 bytes
First seen:2020-06-26 06:14:15 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 6144:sz3IvZwAzNfW+0HJ6FDEMyYCugsSt0+kYLPkA0rTK4Oyh5gtK2bNDVX7XR46zI:szYvZve+0oBEJY0t0gYA0fgt9bN
TLSH 2145CF052A98861ADDF91BF8E450E93703767C3127C1DA442ADD6CDB3E8B74BC6126F2
Reporter abuse_ch
Tags:AgentTesla img


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mta03.svc.cra.dublin.eircom.net
Sending IP: 159.134.118.145
From: maeve Tierney <mauvet@eircom.net>
Subject: Re: INCORRECT SHIPPING DOC
Attachment: Docs.Scan.img (contains "Docs.Scan.pdf.exe")

AgentTesla SMTP exfil server:
mail.brighttextiles.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
65
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.FileRepMalware.21253.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/fde1115c876ed7b66cd2232ce88d67862120bb6435accfb55d5c5c310a4cc884/
Threat name:
ByteCode-MSIL.Backdoor.NanoCore
Create hunting rule
Status:
Malicious
First seen:
2020-06-26 06:16:07 UTC
AV detection:
17 of 31 (54.84%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=7xqrcxehn3l3m3gsemwordlhqyqsbo3egwwm7nk5lrodccsmzcca._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

img fde1115c876ed7b66cd2232ce88d67862120bb6435accfb55d5c5c310a4cc884

(this sample)

AgentTesla

Executable exe 6a84a6afd624f252d7762e4f05125dcc731c1bc52556c5af0a9986c8149e1f1c

  
Dropping
MD5 c9c3b53d028c04b5bdaae91268bff745
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 6a84a6afd624f252d7762e4f05125dcc731c1bc52556c5af0a9986c8149e1f1c

Comments