MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 18f0eba236cb77893fe13795d8fd38cf46f42bef8ad2a99bad4820188f67f5b5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3



SHA256 hash: 18f0eba236cb77893fe13795d8fd38cf46f42bef8ad2a99bad4820188f67f5b5
SHA3-384 hash: 5cefb7ba98d61f598672686f8d3f0a5395d25f2e7925f3dd02ce757c81a135e92cf2f980eed55ad0135cffcb4f91dcac
SHA1 hash: 45c884f1444f8385e33727cb0805bf5d9d8d5d92
MD5 hash: 4f7cc2212fbac8135125756942a79806
humanhash: ohio-pennsylvania-burger-lake
File name: Order Inquiry5500298704.img
Signature: AgentTesla
File size: 581'632 bytes
First seen: 2020-10-12 08:48:09 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 12288:BkQ6pJomy8hMT3BDvHu5paOSRCuBkHiYezb3:BdyJorFjmpaOSRCuBkHi
TLSH: 2FC46F3C8DD8423BD97BE672C0B05AD7F912768732509D1F669B9B8A1E13B132C89C1D
Reporter: abuse_ch
Tags: AgentTesla img


abuse_ch
Malspam distributing unidentified malware:

From: Mohammed Aquib <event_comm@decart.bg>
Subject: RFQ#5500298704
Attachment: Order Inquiry5500298704.img (contains "Order Inquiry#5500298704.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 100
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.GenMlwB
Status: Malicious
First seen: 2020-10-12 08:14:53 UTC
AV detection: 16 of 48 (33.33%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

img 18f0eba236cb77893fe13795d8fd38cf46f42bef8ad2a99bad4820188f67f5b5

(this sample)

  
Delivery method: Distributed via e-mail attachment
