MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 15f1b8cf99a3841e61404ea917ce33153f28307c9b47b257ae0e7e29745776b7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 15f1b8cf99a3841e61404ea917ce33153f28307c9b47b257ae0e7e29745776b7
SHA3-384 hash: 52608f73318c7fd77dc170e91d71746fba29399cf4297fa9fe937a878335a3cbe9780625ac1e5e69c49c29f23d72c78a
SHA1 hash: 303334f5797d97d13a54ff085fcfc5c2aa2916a9
MD5 hash: 847f6ffd446dbd8b0fcf2b53c6681470
humanhash: diet-echo-illinois-beryllium
File name:invoice.img
Download: download sample
Signature AgentTesla
Create hunting rule
File size:364'544 bytes
First seen:2021-02-26 12:25:21 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 6144:kZ9xoo/Uw6TqBBvLpepWgTAa6e9VsyAO4mPSJLqtNSXK5pcjwxvHVZ0y1UCgVdK:kZ9xoogOX1eAgTA/eeFCNSXox/f0ymC7
TLSH 5A7412B377388876D092CA393CB20098B25F2203D535492BF6AC76659F9335BCB52B65
Reporter abuse_ch
Tags:AgentTesla img


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: cloudhost-2418642.us-midwest-1.nxcli.net
Sending IP: 8.36.41.75
From: New Zealand Seafood Marketing <mail@63a675cc7f.nxcli.net>
Subject: Payment Sent T/T Receipt Attached - Overdue Invoices Payment
Attachment: invoice.img (contains "invoice.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
113
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Foxhole.Iso_fs1493.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/15f1b8cf99a3841e61404ea917ce33153f28307c9b47b257ae0e7e29745776b7/
Threat name:
ByteCode-MSIL.Trojan.Cryptos
Create hunting rule
Status:
Malicious
First seen:
2021-02-26 12:26:11 UTC
AV detection:
22 of 48 (45.83%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=cxy3rt4zuocb4ykaj2urptrtcu7sqmd4tnd3ev5obz7cs5cxo23q._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

img 15f1b8cf99a3841e61404ea917ce33153f28307c9b47b257ae0e7e29745776b7

(this sample)

AgentTesla

Executable exe f0339a4175d145fc5632f1bd2d8369892f0e7d5897940b55ec49cfffea72785e

  
Dropping
MD5 f54a93040168fa0dff672735c44a896e
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 f0339a4175d145fc5632f1bd2d8369892f0e7d5897940b55ec49cfffea72785e

Comments