MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1a90f595b632c70fae6162eb787244d9fa27d1edd88e6cf610a7daf7eb3b4047. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3



SHA256 hash: 1a90f595b632c70fae6162eb787244d9fa27d1edd88e6cf610a7daf7eb3b4047
SHA3-384 hash: f36c4ffc94631579be697cf5455ce460dc2e09cd5d0af169795b3cab05c1559b0344a82b0c2c5454552751fb4ec22e8c
SHA1 hash: d425284f2f07bf99bbf073516be4ef90c4c18e96
MD5 hash: c35730275ba9a994f3d96fda9f0da348
humanhash: oranges-speaker-crazy-fourteen
File name: Order_80000000000.img
Signature: AgentTesla
File size: 2'523'136 bytes
First seen: 2020-05-27 12:26:05 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 12288:8GSk6VEt6BvAO2UmxNimXDlKFLIbsL1swv91SrSlPq2Jwz38O:xSk6NBvAORibql1swHC2eQ
TLSH: 17C53D27EC819647E02803FDB8171DF46A2F6746F543ABFE20761E8E6E0065A1E8717D
Reporter: abuse_ch
Tags: AgentTesla ARE geo img


abuse_ch
Malspam distributing AgentTesla:

HELO: adpower.ae
Sending IP: 131.153.50.147
From: Adpower FZCO <info@adpower.ae>
Subject: رد: رد: أمر
Attachment: Order_80000000000.img (contains "Order_80000000000_img.exe")

AgentTesla FTP exfil server:
ftp.behnazgroup.ir:21

Intelligence


File Origin
# of uploads: 1
# of downloads: 75
Origin country: n/a
Vendor Threat Intelligence
Result
Threat name: AgentTesla
Detection: malicious
Classification: troj.spyw.evad
Score: 100 / 100
Behaviour
Behavior Graph: n/a
Gathering data
Threat name: ByteCode-MSIL.Trojan.Agensla
Status: Malicious
First seen: 2020-05-27 12:34:23 UTC
File Type: Binary (Archive)
Extracted files: 4
AV detection: 13 of 48 (27.08%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
AgentTesla
img 1a90f595b632c70fae6162eb787244d9fa27d1edd88e6cf610a7daf7eb3b4047 (this sample)
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
