MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1b7f40bf6bd03d3da42b3d8ab4b09055881f9a7146705224f2dfb5833a81d337. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1b7f40bf6bd03d3da42b3d8ab4b09055881f9a7146705224f2dfb5833a81d337
SHA3-384 hash: f6627a68fa14225b1007e09d5faadecac75c2ce06117acd9d74dbb2e2bbd6b368039ab5131e7d7503cc3f01b3a0ebd5e
SHA1 hash: ab68ab627e96f06e76be63cb73c92e7302ffe345
MD5 hash: 15f11c28f90d7d8a7c6b8989a35bad64
humanhash: cardinal-wolfram-eighteen-fillet
File name:Product Design Drawing.img
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'245'184 bytes
First seen:2020-05-20 11:57:24 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 12288:wE5w0iIN0Zrww9hKLyppEv9xWcSBg+mSUKgNJ:7/ke4h9gv1S2+mSrG
TLSH 7745AF28539DE636EEAD4A79DCE1040C3BE090FF0D4BE74AA85DF0E54A5B393980159F
Reporter abuse_ch
Tags:AgentTesla img


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: kinderteppichland.co
Sending IP: 85.25.14.170
From: Davide- Snr Sales <omangas@omanindustrialgas.com>
Reply-To: julialilianna@outlook.com
Subject: Request For Quote
Attachment: Product Design Drawing.img (contains "Product Drawing & Design_img.exe")

AgentTesla SMTP exfil server:
mail.quattrifolio.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
82
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.BackDoor.SiggenNET.5.1565.1498.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-20 12:30:46 UTC
File Type:
Binary (Archive)
AV detection:
16 of 30 (53.33%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=dn7ubp3l2a6t3jblhwfljmeqkweb7gtrizyfejhs362ygoub2m3q._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

img 1b7f40bf6bd03d3da42b3d8ab4b09055881f9a7146705224f2dfb5833a81d337

(this sample)

AgentTesla

Executable exe 30b71db8fd221bb29f1965ced700337d5b90251876a2ad72d38b4d427f3da41d

  
Dropping
MD5 13d8137e52348f74d1cffd1cbafab21e
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 30b71db8fd221bb29f1965ced700337d5b90251876a2ad72d38b4d427f3da41d

Comments