MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 23c1ee962ea8beb902e943066261ff278f55f042a5edc855e14906ed52b5556e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3



SHA256 hash: 23c1ee962ea8beb902e943066261ff278f55f042a5edc855e14906ed52b5556e
SHA3-384 hash: 62f4c87bdde5aa6d3a86bddc90fe394cdee4d2a5d1083c5f4a52586519afaa1eb4a8c1daa39a0b3bfead662c5bd2ab30
SHA1 hash: 038f76243bf5f0993475a4192d01ec77c3a0e7c7
MD5 hash: b05cc1b6754a9b640affc7e11ae0624d
humanhash: bulldog-lake-rugby-november
File name: comprobante 09102020 Caixa bank_PDF.img
Signature: AgentTesla
File size: 663'552 bytes
First seen: 2020-10-12 14:49:32 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 12288:nEcXiG7kdm7+uYZa2lr4S6VpduIY/w7Zo:zD4dSUa2lrf6rVK
TLSH: 0AE46E3C4ED8963BD97BC672C0B056D7FD026A8731509D1F669B9A8A1A03F137C89C2D
Reporter: abuse_ch
Tags: AgentTesla, img


abuse_ch
Malspam distributing unidentified malware:

HELO: nataraya.thirdeye.it
Sending IP: 185.19.185.40
From: lnfo@caixabank.es
Subject: Comprobante transferencia
Attachment: comprobante 09102020 Caixa bank_PDF.img (contains "comprobante 09102020 Caixa bank_PDF.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 91
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-10-12 09:37:32 UTC
AV detection: 14 of 48 (29.17%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

img 23c1ee962ea8beb902e943066261ff278f55f042a5edc855e14906ed52b5556e (this sample)

Delivery method: Distributed via e-mail attachment
