MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 24b96714bb70b38031fa465c4ec21361ff4cb23229cdcb9c9e4fe23a26f7af91. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 24b96714bb70b38031fa465c4ec21361ff4cb23229cdcb9c9e4fe23a26f7af91
SHA3-384 hash: 0f6afb0f988de916d919723a59879d18496e472008be9905b39fd939ab75cbd9994337e06458992829a531276a4ecd00
SHA1 hash: 4b11ddbe416aabbeb37a4bccb53e26cc763898f0
MD5 hash: c5ebb4e8b16ae66a6dc8ff8cb6fc748c
humanhash: black-dakota-magnesium-undress
File name:SOA.iso
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'097'728 bytes
First seen:2020-06-11 11:15:48 UTC
Last seen:Never
File type: iso
MIME type:application/x-iso9660-image
ssdeep 24576:0iSzviQZk6eqFJUCMG7drS0qpu4qmgkB8HOxJ2:0NFthpS0qcb4zD2
TLSH 0A358D26F3934433D17226389C5B5779982ABD102D38D9463BEB8E4E5F3D68239343A7
Reporter abuse_ch
Tags:AgentTesla iso


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: alb-tec.net
Sending IP: 95.211.208.25
From: Eric Chen<shams@alb-tec.net>
Subject: Update account statement - IDDB
Attachment: SOA.iso (contains "SOA.exe")

AgentTesla SMTP exfil server:
smtp.ociii.net:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
59
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

PUA.Win.Adware.Webalta-6854075-0
Create hunting rule

PUA.Win.Adware.Webalta-6862190-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.DelfFareIt
Create hunting rule
Status:
Malicious
First seen:
2020-06-11 11:17:07 UTC
AV detection:
19 of 30 (63.33%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=es4woff3oczyamp2izoe5qqtmh7uzmrsfhg4xhe6j7rdujxxv6iq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

iso 24b96714bb70b38031fa465c4ec21361ff4cb23229cdcb9c9e4fe23a26f7af91

(this sample)

AgentTesla

Executable exe 4b3320ca9f9d97b2ec9d833d4e57bed50cdbe7bf406392b97a3a89b20c62441b

  
Dropping
MD5 8a8dc5d1a5a464514be94477b72c6417
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 4b3320ca9f9d97b2ec9d833d4e57bed50cdbe7bf406392b97a3a89b20c62441b

Comments