MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1bb704a19729198cf8d1bf673fc5ddeae6810bc0a773c27423352a17f7aeba9a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 3

SHA256 hash: 1bb704a19729198cf8d1bf673fc5ddeae6810bc0a773c27423352a17f7aeba9a
SHA3-384 hash: ef01edd9af2c5fe334af685513e1d5ef11a252833829934b6cef6ee4d09cc318f334a67f9bc31235157020bf4b96f14f
SHA1 hash: 148777ae78b49d5a2afd58c3e17e651258498ff2
MD5 hash: a9e601af70ce5e37d4e6a0356f4bd4ee
humanhash: carpet-eighteen-solar-gee
File name: Document 07042020-245784672.img
Signature: AgentTesla
File size: 1'572'864 bytes
First seen: 2020-04-07 07:07:23 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 24576:L/rjjrEib+6ic3VNtH9pxJ4CozLFY2I8e5:7rnBKgVvHHnwY
TLSH: 0D75BE3FEA68A063EE9B153105A14FD9D53F6C113725838BF18AB71A45F8B80716F70A
Reporter: abuse_ch
Tags: AgentTesla COVID-19 img


abuse_ch
COVID-19 themed malspam distributing AgentTesla:

HELO: giardserver.giardinnovationcorp.com
Sending IP: 162.241.210.99
From: Managing Director <md@victim-domain>
Subject: Evidence Of Document Containing Staff Misconduct During This Periof Of COVID-19 Pandemic
Attachment: Document 07042020-245784672.img (contains "Document 07042020-245784672.exe")

AgentTesla SMTP exfil server:
smtp.maizinternational.com:587 (208.91.199.224)

AgentTesla SMTP exfil email address:
sales@maizinternational.com

Intelligence


File Origin
# of uploads: 1
# of downloads: 80
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Rdn
Status: Malicious
First seen: 2020-04-07 07:36:26 UTC
File Type: Binary (Archive)
Extracted files: 8
AV detection: 15 of 47 (31.91%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery chain:
Malspam
AgentTesla: img 1bb704a19729198cf8d1bf673fc5ddeae6810bc0a773c27423352a17f7aeba9a (this sample)
Dropping: AgentTesla

Delivery method: Distributed via e-mail attachment

Comments