MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0ef205b37203c59a96de95c69e7ccf051b0999a44062df11ee34a04580e5fd98. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0ef205b37203c59a96de95c69e7ccf051b0999a44062df11ee34a04580e5fd98
SHA3-384 hash: 489bd3349b8d97bd1ed1dda49a5caa5ee03b2de12b26bdf5a457ddd778788b18cf94f70d50d3633824194e57d2d8e500
SHA1 hash: 4c97993caf15b9e3301c5db78151b13e598c3940
MD5 hash: 48489082ba0ecee53ee1d5d6be42869e
humanhash: indigo-diet-seventeen-enemy
File name:ENQUIRY_SBCT748_DOC.IMG
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'245'184 bytes
First seen:2020-05-11 08:09:12 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 12288:GqfCkk3cmaX0ilTgRhO0mjA1Jwy7h74ghHp0qSD:GqfCkk3cmaX0il4O0hwy7hx41D
TLSH 35459D00327D9F69E0B667F31AA4B441DFB96D662452F7AD5C9630CA4EF4F40C860E2B
Reporter abuse_ch
Tags:AgentTesla img


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: austin.ntit.hk
Sending IP: 202.181.240.103
From: Jessie <norrenbrock.lubing@dr.com>
Subject: RE: New Enquiry
Attachment: ENQUIRY_SBCT748_DOC.IMG (contains "ENQUIRY_SBCT748_DOC.exe")

AgentTesla C2:
http://193.169.52.202/image/images/news/tax/pictures/news/inc/28e4bee586d0b8.php

Intelligence

File Origin
# of uploads :
1
# of downloads :
77
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Siggen9.45506.6050.16640.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Avemaria
Create hunting rule
Status:
Malicious
First seen:
2020-05-11 08:36:33 UTC
File Type:
Binary (Archive)
Extracted files:
16
AV detection:
16 of 45 (35.56%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=b3zalm3sapczvfw6sxdj47gpaunqtgneibrn6epogsqelahf7wma._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

img 0ef205b37203c59a96de95c69e7ccf051b0999a44062df11ee34a04580e5fd98

(this sample)

AgentTesla

Executable exe b557884e69cbfcae02528a9e04363d4c61e358f7f81a285a5ea758df8f02bb63

  
Dropping
MD5 8aaf1031d76d79b21c17718a78ecf002
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 b557884e69cbfcae02528a9e04363d4c61e358f7f81a285a5ea758df8f02bb63

Comments