MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 11e03fb5cb6f2051379c9d9090a85f5755e5d9f1f9a7ae64951bc7ce31835391. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 4



SHA256 hash: 11e03fb5cb6f2051379c9d9090a85f5755e5d9f1f9a7ae64951bc7ce31835391
SHA3-384 hash: f95f94bbbd10ffab1110ae6e23e2f8dc703b98425ae877c36efa63f03d7f5bbbecb674b221de463a1dec4710410a028b
SHA1 hash: 166e58d57d8d6c71c4158b40caf12dbf18897a1d
MD5 hash: c0c0d1eab1cc4f9e57f2248d9294477a
humanhash: pennsylvania-music-aspen-winter
File name: PO00819-IN.iso
Signature: AgentTesla
File size: 698'368 bytes
First seen: 2020-08-19 14:09:35 UTC
Last seen: Never
File type: iso
MIME type: application/x-iso9660-image
ssdeep: 12288:5u9sDcI1A3fr/5QbosbcQHfDOqxPDFzKkI9u7YwJ:WsDcLr/5zRQHfySpWu7n
TLSH: 83E412A203485B5FE2BD657C0506E4B042F6DE514972FA4ABECC8EB373E77622B01761
Reporter: abuse_ch
Tags: AgentTesla iso


abuse_ch
Malspam distributing AgentTesla:

HELO: vinta.com.sg
Sending IP: 156.96.46.79
From: enquiries@vinta.com.sg
Subject: NEW ORDER *( Dennis Olson - Vinta trading company
Attachment: PO00819-IN.iso (contains "PO00819-IN.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 68
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-08-19 14:11:06 UTC
AV detection: 13 of 48 (27.08%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

iso 11e03fb5cb6f2051379c9d9090a85f5755e5d9f1f9a7ae64951bc7ce31835391 (this sample)

Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
