MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 199fa4f959179f20c71ad5c56f6752528053b2e3da13545febf7db1379395efe. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla
Vendor detections: 3

SHA256 hash: 199fa4f959179f20c71ad5c56f6752528053b2e3da13545febf7db1379395efe
SHA3-384 hash: 3e3c9df9f4c43201d1aec52c14b07455a6d68b96e49fdffeeb6784c4559feb96e5ad86acc8e63f2b663031c4e26d2dd6
SHA1 hash: 17a9a9aa5d1ad4e4fed0c6dda313eadfb845a150
MD5 hash: ce926df8f557f16960b26ac52edb1441
humanhash: colorado-sierra-equal-don
File name: Siemens September purchase list.iso
Signature: AgentTesla
File size: 1'331'200 bytes
First seen: 2020-10-09 15:41:17 UTC
Last seen: 2020-10-09 18:24:46 UTC
File type: iso
MIME type: application/x-iso9660-image
ssdeep: 24576:0vgFj53lzKgTWk5rnDDgOajqFRzPHEXpT29iA8:JVzKgTnDDgxm8ZS9z
TLSH: 19554AAD325072DFC46BCD728E686C24EBA0747B830BC607A41715AD9A5DA97CF143F2
Reporter: abuse_ch
Tags: AgentTesla iso


abuse_ch
Malspam distributing AgentTesla:

From: Siemens <sales10@powerbeauty.com>
Subject: Siemens September purchase order
Attachment: Siemens September purchase list.iso (contains "Siemens September purchase list.exe")

Intelligence

File Origin
# of uploads: 2
# of downloads: 97
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-10-09 15:43:05 UTC
File Type: Binary (Archive)
Extracted files: 36
AV detection: 15 of 29 (51.72%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  AgentTesla
    iso 199fa4f959179f20c71ad5c56f6752528053b2e3da13545febf7db1379395efe (this sample)
      Dropping: AgentTesla

Delivery method: Distributed via e-mail attachment
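The reporter's note above says the .iso wraps an executable ("Siemens September purchase list.exe") and the delivery method is an e-mail attachment. The first triage step for such an attachment is to open the ISO 9660 container without mounting it (Windows 8 and later mount an .iso on double-click, which is what the lure relies on), list what it holds, and flag any embedded PE file by its MZ/PE headers rather than by extension. The Python below is an added example, not MalwareBazaar's or abuse.ch's code, and it does not touch the real sample: it constructs a small image carrying the file name from the note, a stand-in PE header with no code, and a decoy text file (all assumptions), then parses the volume descriptors, preferring the Joliet tree because that is where the long file name a victim sees lives, and walks the root directory, hashing every file it finds.

```python
# Added example (not MalwareBazaar's or abuse.ch's code): list the files inside an ISO 9660
# attachment and flag embedded PE executables. Standard library only; the image is constructed here.
import hashlib
import struct

SECTOR = 2048
both32 = lambda n: struct.pack("<I", n) + struct.pack(">I", n)  # ISO 9660 "both-byte-order" field

def dir_record(name, extent, size, is_dir):
    # ECMA-119 9.1: ext-attr len, extent, size, 7-byte date, flags, unit, gap, vol seq (LE+BE), name
    body = (b"\x00" + both32(extent) + both32(size) + bytes(7) + bytes([2 if is_dir else 0, 0, 0])
            + b"\x01\x00\x00\x01" + bytes([len(name)]) + name)
    body += b"\x00" if len(name) % 2 == 0 else b""  # records are padded to an even length
    return bytes([len(body) + 1]) + body

def volume_descriptor(vd_type, root_rec, escape=b""):
    vd = bytearray(SECTOR)  # type, "CD001", version 1; Joliet escape at 88; root record at 156
    vd[0], vd[1:6], vd[6] = vd_type, b"CD001", 1
    vd[88:88 + len(escape)] = escape
    vd[156:156 + len(root_rec)] = root_rec
    return bytes(vd)

def build_iso(files):  # files = [(long_name, short_8_3_name, content)]; PVD at 16, Joliet SVD at 17
    pvd_dir, joliet_dir, sector, extents = 19, 20, 21, []
    for _, _, content in files:
        extents.append(sector)
        sector += max(1, -(-len(content) // SECTOR))  # ceil(len / SECTOR)
    image = bytearray(sector * SECTOR)
    image[16 * SECTOR:17 * SECTOR] = volume_descriptor(1, dir_record(b"\x00", pvd_dir, SECTOR, True))
    image[17 * SECTOR:18 * SECTOR] = volume_descriptor(2, dir_record(b"\x00", joliet_dir, SECTOR, True), b"%/E")
    image[18 * SECTOR:19 * SECTOR] = volume_descriptor(255, b"")  # set terminator
    for dir_sector, enc, idx in ((pvd_dir, "ascii", 1), (joliet_dir, "utf-16-be", 0)):
        d = dir_record(b"\x00", dir_sector, SECTOR, True) + dir_record(b"\x01", dir_sector, SECTOR, True)
        for f, ext in zip(files, extents):
            d += dir_record((f[idx] + ";1").encode(enc), ext, len(f[2]), False)
        image[dir_sector * SECTOR:(dir_sector + 1) * SECTOR] = d.ljust(SECTOR, b"\x00")
    for (_, _, content), ext in zip(files, extents):
        image[ext * SECTOR:ext * SECTOR + len(content)] = content
    return bytes(image)

def looks_like_pe(data):  # MZ stub and "PE\0\0" at e_lfanew, not just two magic bytes
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    off = struct.unpack_from("<I", data, 0x3C)[0]
    return data[off:off + 4] == b"PE\x00\x00"

def walk_directory(image, extent, size, decode, path=""):
    out, data, pos = [], image[extent * SECTOR:extent * SECTOR + size], 0
    while pos < len(data):
        if data[pos] == 0:  # records never straddle a sector: skip the padding
            pos = (pos // SECTOR + 1) * SECTOR
            continue
        rec, pos = data[pos:pos + data[pos]], pos + data[pos]
        raw = rec[33:33 + rec[32]]
        if raw in (b"\x00", b"\x01"):  # "." and ".."
            continue
        name = decode(raw).split(";")[0]  # drop the ";1" version suffix
        f_extent, f_size = struct.unpack_from("<I", rec, 2)[0], struct.unpack_from("<I", rec, 10)[0]
        if rec[25] & 2:  # directory flag
            out.extend(walk_directory(image, f_extent, f_size, decode, path + name + "/"))
        else:
            content = image[f_extent * SECTOR:f_extent * SECTOR + f_size]
            out.append({"path": path + name, "size": f_size, "is_pe": looks_like_pe(content),
                        "sha256": hashlib.sha256(content).hexdigest()})
    return out

def list_iso_files(image):  # scan descriptors from sector 16; prefer Joliet (the long names a victim sees)
    pvd = joliet = None
    for sector in range(16, len(image) // SECTOR):
        vd = image[sector * SECTOR:(sector + 1) * SECTOR]
        if vd[1:6] != b"CD001" or vd[0] == 255:
            break
        if vd[0] == 1:
            pvd = vd
        elif vd[0] == 2 and vd[88:91] in (b"%/@", b"%/C", b"%/E"):
            joliet = vd
    if pvd is None:
        raise ValueError("not an ISO 9660 image")
    vd, enc = (joliet, "utf-16-be") if joliet is not None else (pvd, "ascii")
    extent, size = struct.unpack_from("<I", vd, 158)[0], struct.unpack_from("<I", vd, 166)[0]
    return walk_directory(image, extent, size, lambda b: b.decode(enc))

def triage(image):  # container hash to match against the entry, plus every embedded PE
    files = list_iso_files(image)
    return {"sha256": hashlib.sha256(image).hexdigest(), "files": files,
            "embedded_pe": [f["path"] for f in files if f["is_pe"]]}

# Constructed stand-in for the dropped .exe (valid MZ/PE headers, no code) and a decoy text file;
# the long file name is the one from the reporter's note, everything else is an assumption.
FAKE_PE = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x80) + bytes(0x40) + b"PE\x00\x00" + bytes(600)
SAMPLE_ISO = build_iso([("Siemens September purchase list.exe", "SIEMENS.EXE", FAKE_PE),
                        ("README.TXT", "README.TXT", b"decoy text file\r\n")])

if __name__ == "__main__":
    for f in triage(SAMPLE_ISO)["files"]:
        print("PE " if f["is_pe"] else "   ", f["path"], f["size"], f["sha256"][:16])
```

To run it against a real attachment, replace SAMPLE_ISO with the bytes of the file and compare the container's sha256 with the hash at the top of this entry and the embedded files' hashes with your own intelligence. The parser reads the primary and Joliet trees only: Rock Ridge names, UDF bridge images and multi-extent files are not handled, and when no Joliet descriptor is present the names fall back to the uppercase 8.3 form of the primary tree.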
