MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1ead542ec7dd120aaa3986f282dc35a0f1b6a7e0502d8104c11008569c388a02. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1ead542ec7dd120aaa3986f282dc35a0f1b6a7e0502d8104c11008569c388a02
SHA3-384 hash: 488ceeebf86b74141024871e2dca0f53adb4b737408c0fd007999e95909ad6615db88274cb517f523e739d9a08bf2bb1
SHA1 hash: 865deb88a1844a079c28daa06e40d361289b64c2
MD5 hash: a610d428891120b3bd8aa5a0411342d8
humanhash: snake-connecticut-wisconsin-oklahoma
File name:Swift Copy File2.iso
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'245'184 bytes
First seen:2020-10-20 07:25:42 UTC
Last seen:Never
File type: iso
MIME type:application/x-iso9660-image
ssdeep 12288:G9EJ9wt2L2C1Iz0i1h4L9tRjj6CTW2XN:G4YC1Iz0ikFj/Z
TLSH 3545AFB27D96596EC96F077150A985C1FAB616C73F908B0D71AF430C0F11A2BBB2325B
Reporter abuse_ch
Tags:AgentTesla iso


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: serve0.sharkfloat.pw
Sending IP: 104.168.215.246
From: Account Payable <ap@Jagdambasteel.it>
Subject: FWD:RE:RE: Failed Transfer
Attachment: Swift Copy File2.iso (contains "SwiftCopy.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
69
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/1ead542ec7dd120aaa3986f282dc35a0f1b6a7e0502d8104c11008569c388a02/
Threat name:
ByteCode-MSIL.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2020-10-19 22:50:14 UTC
AV detection:
7 of 48 (14.58%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=d2wvilwh3ujavkrzq3zifxbvudy3nj7akawycbgbcaefnhbyriba._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/1ead542ec7dd120aaa3986f282dc35a0f1b6a7e0502d8104c11008569c388a02

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

iso 1ead542ec7dd120aaa3986f282dc35a0f1b6a7e0502d8104c11008569c388a02

(this sample)

AgentTesla

Executable exe 268a8cd2e1be94fb5124930ed021ef9cda228d8366efef29884f7affc47f936d

  
Dropping
MD5 b70240f09250a0f9f5d81184637ed32f
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 268a8cd2e1be94fb5124930ed021ef9cda228d8366efef29884f7affc47f936d

Comments