MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 24ba51445cb07f42bedf0823b14e4bbc15ffcfe17f08a26c82c454c24e746cd8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 24ba51445cb07f42bedf0823b14e4bbc15ffcfe17f08a26c82c454c24e746cd8
SHA3-384 hash: 9e4d1e08061b8e8a910d017a5b2cb9a09b1274f287dd7e690e5fe2754af1dcb90e44882ec1d8267ec0171d8a06497d78
SHA1 hash: 57c89724338c6748dd4e96cd0f5a8e9bd81d07dc
MD5 hash: 4f5dded328de55bed5d93089ee6a7b64
humanhash: harry-fanta-louisiana-hot
File name:invoice_TRNE000657.iso
Download: download sample
Signature AgentTesla
Create hunting rule
File size:759'808 bytes
First seen:2020-04-30 11:52:41 UTC
Last seen:Never
File type: iso
MIME type:application/x-iso9660-image
ssdeep 12288:cMNt4XTvhy0gyYSM/jdFs1eDzFYnjuKGkpQYYvWCFWh1silHR953L5j69vo7sKcN:c+4xgZJvDzF+ju4pQYAZQeilHRXLrW
TLSH E6F48D9C329471DFD467DA36CEA42D54EA25B8B3630FC2076017229D9F6EA97CF101B2
Reporter abuse_ch
Tags:AgentTesla DHL ESP geo iso


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: server.matos.club
Sending IP: 65.99.237.143
From: <eBillingFreight.ES@dhl.com>
Subject: Notificación de nuevo problema de factura DHL : TRNE000657
Attachment: invoice_TRNE000657.iso (contains "invoice_TRNE000657.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
75
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-01 03:27:00 UTC
AV detection:
16 of 31 (51.61%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=es5fcrc4wb7ufpw7bar3ctslxqk77t7bp4eke3ecyrkmettuntma._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

iso 24ba51445cb07f42bedf0823b14e4bbc15ffcfe17f08a26c82c454c24e746cd8

(this sample)

AgentTesla

Executable exe 623e37acf038d163685f53206e0a5090a2178b7b9a4788ab5fbbf24f723d1d55

  
Dropping
MD5 1c83e5e1d943897eceb357625d87ae64
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 623e37acf038d163685f53206e0a5090a2178b7b9a4788ab5fbbf24f723d1d55

Comments