MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1251c3f9d0a07d9efbf705c04bf986159ca80813d7bb2187f4c9f7a98ba117c2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla
Vendor detections: 4

SHA256 hash: 1251c3f9d0a07d9efbf705c04bf986159ca80813d7bb2187f4c9f7a98ba117c2
SHA3-384 hash: ae818d6ac6bd2e008fe9635079793b681ff02cb65af2339d8daa568e60425ce222dfb88f2a9ca378a91d5ed7d0d07f6a
SHA1 hash: 177247514e59fcc105bbaf71e67e097da35779d5
MD5 hash: b860e75bf72d062b8b646a06b98d8ba7
humanhash: vegan-uranus-uncle-nineteen
File name: PO.img
Signature: AgentTesla
File size: 1'835'008 bytes
First seen: 2020-10-13 07:41:04 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 24576:nAHnh+eWsN3skA4RV1Hom2KXMmHaiE7wM8qkf80/pMSqsvj5:ah+ZkldoPK8YaivM8qySG
TLSH: 7985BE0273D2C036FFAB92739B6AF60196BD79250123852F23981D79BD701B1277E663
Reporter: abuse_ch
Tags: AgentTesla, img


abuse_ch
Malspam distributing unidentified malware:

HELO: spam.myckgroup.com
Sending IP: 211.248.187.175
From: Hailey Li<shindo@lcd.co.kr>
Reply-To: shindo@lcd.co.kr
Subject: PO
Attachment: PO.img (contains "yuio.exe")
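The attachment in the report above is not a raw disk image but an ISO 9660 image (the MIME type application/x-iso9660-image says so) that wraps a Windows executable, a packaging trick that sidesteps mail filters which block .exe attachments outright. The Python below is an added example, not code from the MalwareBazaar page or from the reporter: it parses the primary volume descriptor and root directory of such an image offline, without mounting it, and flags entries whose content starts with a PE (MZ) header. The image it inspects is constructed inline; the names YUIO.EXE and README.TXT are hypothetical placeholders and say nothing about the real attachment's contents.

```python
"""Offline triage of an ISO 9660 (.img/.iso) e-mail attachment.

Added example, not part of the MalwareBazaar entry. The sample image is
constructed inline (hypothetical file names); the parser follows ECMA-119:
primary volume descriptor at sector 16, directory records in the root extent.
"""
import struct

SECTOR = 2048
PVD_SECTOR = 16


def _both_endian32(v):
    """ISO 9660 stores 32-bit fields as little-endian followed by big-endian."""
    return struct.pack("<I", v) + struct.pack(">I", v)


def _dir_record(name, lba, size, is_dir=False):
    """Encode one directory record (ECMA-119 section 9.1), padded to even length."""
    body = (
        b"\x00"                              # extended attribute record length
        + _both_endian32(lba)                # extent location (sector number)
        + _both_endian32(size)               # data length in bytes
        + bytes(7)                           # recording date/time (zeroed)
        + (b"\x02" if is_dir else b"\x00")   # file flags: bit 1 = directory
        + b"\x00\x00"                        # file unit size, interleave gap
        + b"\x01\x00\x00\x01"                # volume sequence number, both-endian
        + bytes([len(name)]) + name
    )
    if len(body) % 2 == 0:                   # total record length must be even
        body += b"\x00"
    return bytes([len(body) + 1]) + body


def build_sample_iso():
    """Construct a minimal image: PVD, set terminator, root dir, two files (constructed data)."""
    root_lba, exe_lba, txt_lba = 18, 19, 20
    exe_payload = b"MZ" + b"\x90" * 62 + b"This program cannot be run in DOS mode"
    txt_payload = b"Purchase order attached.\r\n"
    root = (
        _dir_record(b"\x00", root_lba, SECTOR, is_dir=True)    # "."
        + _dir_record(b"\x01", root_lba, SECTOR, is_dir=True)  # ".."
        + _dir_record(b"YUIO.EXE;1", exe_lba, len(exe_payload))
        + _dir_record(b"README.TXT;1", txt_lba, len(txt_payload))
    )
    pvd = bytearray(SECTOR)
    pvd[0:7] = b"\x01CD001\x01"                                 # type 1, "CD001", version 1
    pvd[40:72] = b"PO".ljust(32)                                # volume identifier
    pvd[156:190] = _dir_record(b"\x00", root_lba, SECTOR, is_dir=True)  # root dir record
    term = bytearray(SECTOR)
    term[0:7] = b"\xffCD001\x01"                                # volume descriptor set terminator
    img = bytearray(SECTOR * 16) + pvd + term + root.ljust(SECTOR, b"\x00")
    img += exe_payload.ljust(SECTOR, b"\x00") + txt_payload.ljust(SECTOR, b"\x00")
    return bytes(img)


def parse_dir_record(buf, off):
    """Decode the directory record at buf[off:]; returns (rec_len, name, lba, size, flags)."""
    rec_len = buf[off]
    if rec_len == 0:
        return 0, None, 0, 0, 0
    lba = struct.unpack_from("<I", buf, off + 2)[0]      # little-endian half of extent field
    size = struct.unpack_from("<I", buf, off + 10)[0]    # little-endian half of data length
    flags = buf[off + 25]
    name_len = buf[off + 32]
    name = buf[off + 33:off + 33 + name_len]
    return rec_len, name, lba, size, flags


def list_iso_root(img):
    """Return [(name, size, lba)] for regular files in the root directory."""
    pvd = img[PVD_SECTOR * SECTOR:(PVD_SECTOR + 1) * SECTOR]
    if pvd[0] != 1 or pvd[1:6] != b"CD001":
        raise ValueError("not an ISO 9660 primary volume descriptor")
    _, _, root_lba, root_size, _ = parse_dir_record(pvd, 156)
    root = img[root_lba * SECTOR:root_lba * SECTOR + root_size]
    entries, off = [], 0
    while off < len(root):
        rec_len, name, lba, size, flags = parse_dir_record(root, off)
        if rec_len == 0:
            # a zero length byte means padding: records never cross a sector boundary
            off = (off // SECTOR + 1) * SECTOR
            continue
        off += rec_len
        if name in (b"\x00", b"\x01") or flags & 0x02:   # skip ".", ".." and subdirectories
            continue
        entries.append((name.decode("ascii").split(";")[0], size, lba))
    return entries


def triage_image_attachment(img):
    """Flag root-directory files whose first two bytes are the PE/DOS 'MZ' magic."""
    flagged = []
    for name, size, lba in list_iso_root(img):
        if img[lba * SECTOR:lba * SECTOR + 2] == b"MZ":
            flagged.append(name)
    return flagged


if __name__ == "__main__":
    sample = build_sample_iso()
    print("root entries:", list_iso_root(sample))
    print("PE payloads:", triage_image_attachment(sample))
```

To run this on a real attachment, pass the attachment bytes to `triage_image_attachment` instead of `build_sample_iso()`. The walk stops at the root directory and ignores Joliet and Rock Ridge name extensions, so an empty result is not proof that the image is clean; the image's SHA256 should still be looked up in MalwareBazaar, as the hashes at the top of this entry allow.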

Intelligence

File Origin
# of uploads: 1
# of downloads: 91
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Predator
Status: Malicious
First seen: 2020-10-13 03:36:08 UTC
AV detection: 18 of 48 (37.50%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The list below shows additional information about this malware sample such as delivery method and external references.

Malspam: AgentTesla, img 1251c3f9d0a07d9efbf705c04bf986159ca80813d7bb2187f4c9f7a98ba117c2 (this sample)
Delivery method: Distributed via e-mail attachment

Comments