MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0663564bdb76782bdd5330371fa02603037c2e30474407c42772158a5e9139a4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0663564bdb76782bdd5330371fa02603037c2e30474407c42772158a5e9139a4
SHA3-384 hash: 0b025d2674351196a45ff74a598785df0131b62ff08f9b4a46a15c814480d1a69328d77ecbdd586bfe788ab221020cee
SHA1 hash: 98967c3831c5ef0860986553a2897f41fbfbea65
MD5 hash: 3aea93e08db5cf93d76f94921259baa3
humanhash: massachusetts-beer-october-neptune
File name:Purchase Order.iso
Download: download sample
Signature AgentTesla
Create hunting rule
File size:786'432 bytes
First seen:2020-08-03 12:47:05 UTC
Last seen:Never
File type: iso
MIME type:application/x-iso9660-image
ssdeep 12288:pk34m81Qf0pln5NgeWCRjFtVz0EYMKimMDqyz1jmy5s6e:CI58eWCRjFDz0wMM+7y
TLSH 03F4BD1C3BD0865AF46A0FBA9C3665029D35F44B6927F38F36B9122C467B79CAC40F52
Reporter abuse_ch
Tags:AgentTesla iso


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: zmail.rfvallianz.com
Sending IP: 203.177.117.142
From: sales05@rfvallianz.com
Subject: PURCHASE ORDER
Attachment: Purchase Order.iso (contains "Purchase Order.exe")

AgentTesla SMTP exfil server:
anemone.myhostpl.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
67
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Generic.mg.26972eb886ce4e14.27026.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/0663564bdb76782bdd5330371fa02603037c2e30474407c42772158a5e9139a4/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-08-03 12:49:05 UTC
AV detection:
14 of 29 (48.28%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=azrvms63oz4cxxktga3r7ibgambxylrqi5caprbhoikyuxurhgsa._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/0663564bdb76782bdd5330371fa02603037c2e30474407c42772158a5e9139a4

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

iso 0663564bdb76782bdd5330371fa02603037c2e30474407c42772158a5e9139a4

(this sample)

AgentTesla

Executable exe e90113ece868954185441f939e93cab4f887465291e620753b411d043131b793

  
Dropping
MD5 26972eb886ce4e142062295d12108502
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 e90113ece868954185441f939e93cab4f887465291e620753b411d043131b793

Comments