MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 095c042eb4d4a96d8b1e57776613985b01f8a3720657c61746e5f84a48d9a190. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 095c042eb4d4a96d8b1e57776613985b01f8a3720657c61746e5f84a48d9a190
SHA3-384 hash: 3db559052cca805f0982b062646f777efb11bfa4cb43ebba52d9c2ba87bfaa2d82befbb7bc13e7ce0f0119d6630cbc98
SHA1 hash: c65cf882b8576cec393bc4f7a2b5edcb9cc521e4
MD5 hash: fdc41e7ee4f4f0c93407d8fe928b9eba
humanhash: tennessee-alaska-oscar-pluto
File name:Acil Siparis.img
Download: download sample
Signature AgentTesla
Create hunting rule
File size:321'536 bytes
First seen:2020-10-19 13:23:01 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 3072:vDOphXYf0wjpxqX3u8o26lCpSQCWQ7FITV07BZgfklVEsTHtB5BazqC6Zu4+eXX0:vGXYrpAHh6lCpS7WQ7yUgf+j5Br+a0
TLSH 0F644B58B3DA45ADF1DD9E32AA9127138726FC936FAFC787640E71540F333828C51A62
Reporter abuse_ch
Tags:AgentTesla img


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: ditas.com.tr
Sending IP: 193.142.59.17
From: <tuncayaykac@ditas.com.tr>
Subject: Acil Siparis Talebi
Attachment: Acil Siparis.img (contains "Acil Siparis.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
86
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Heur.13794.12824.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/095c042eb4d4a96d8b1e57776613985b01f8a3720657c61746e5f84a48d9a190/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-10-19 11:12:57 UTC
AV detection:
13 of 29 (44.83%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=bfoailvu2suw3cy6k53wme4ylma7ri3sazl4mf2g4x4eusgzugia._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/095c042eb4d4a96d8b1e57776613985b01f8a3720657c61746e5f84a48d9a190

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

img 095c042eb4d4a96d8b1e57776613985b01f8a3720657c61746e5f84a48d9a190

(this sample)

AgentTesla

Executable exe fd03c87d6385f3d86400245902c821b496f603105887a05f67eb6948f4c5c085

  
Dropping
MD5 85bc261f3b94a42bf4a33c4ae7237b3b
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 fd03c87d6385f3d86400245902c821b496f603105887a05f67eb6948f4c5c085

Comments