MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0636fb3768e587d8833bdfd88c2c45b3fe6319ddb3cd62ec6c1d49736715f9d3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0636fb3768e587d8833bdfd88c2c45b3fe6319ddb3cd62ec6c1d49736715f9d3
SHA3-384 hash: 7543151236bea809c614fade2434b362ed8d0c7ff273cd1066094a3456588d0d89161f7e57ab1f64d092a6e0757a28bf
SHA1 hash: 8fd5e2d36b7d00ae23b698ea19697da8660abc52
MD5 hash: 386616b9371effc155792a6b34637849
humanhash: cup-utah-oven-beer
File name:transfer copy.img
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'245'184 bytes
First seen:2020-12-22 12:50:15 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 6144:NLHiuJrMLXMhYQzzlMbVQZmVPofudE/1zL+ZXtcHhnoO/Re:1JreMu/V4mNZM1zStcHhnp
TLSH 0F45E191B25EC5A9F42A19B36D9BC55062B1AC5FAB91028F719E73190BF331300BBD4F
Reporter abuse_ch
Tags:AgentTesla Endurance img


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: 162-144-100-85.unifiedlayer.com
Sending IP: 162.144.38.36
From: PAY-U INT'L <sales9@oxy99.in>
Subject: INCORRECT BANK DETAILS FOR PAYMENT
Attachment: transfer copy.img (contains "transfer copy.scr")

Intelligence

File Origin
# of uploads :
1
# of downloads :
285
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.BScope.Trojan.Crypt.5016.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/0636fb3768e587d8833bdfd88c2c45b3fe6319ddb3cd62ec6c1d49736715f9d3/
Threat name:
Win32.Trojan.Pwsx
Create hunting rule
Status:
Malicious
First seen:
2020-12-22 12:51:08 UTC
AV detection:
6 of 48 (12.50%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ay3pwn3i4wd5raz337miylcfwp7gggo5wpgwf3dmdvexgzyv7hjq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Spyware
Score:
0.70
Link:
https://yomi.yoroi.company/submissions/0636fb3768e587d8833bdfd88c2c45b3fe6319ddb3cd62ec6c1d49736715f9d3

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

img 0636fb3768e587d8833bdfd88c2c45b3fe6319ddb3cd62ec6c1d49736715f9d3

(this sample)

AgentTesla

Executable exe 2a9005e0218ee1fa65d55949828ccdea090ef64747d7913b2e6b38dc0a4adfb9

  
Dropping
MD5 18fafaf2b874221bf5ae77c432de1557
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 2a9005e0218ee1fa65d55949828ccdea090ef64747d7913b2e6b38dc0a4adfb9

Comments