MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 25be6ef4ee4d2772627d540f2c54309f72371086882df520c92a3bd2689af20b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 25be6ef4ee4d2772627d540f2c54309f72371086882df520c92a3bd2689af20b
SHA3-384 hash: e12c94df5cf3a7eff63449b3f51e9afd75d8d731b14d9db9875d6ec62e16a39624cfd394b99a009d312446a964f59ac7
SHA1 hash: 46227bc2f600ad9bf04382e1ceda88afdbb1cce3
MD5 hash: 616a5089e1b26ea0e27b5a23b3ebd1f6
humanhash: winter-moon-oklahoma-alabama
File name:Payment Transfer Sheet JPG.img
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'441'792 bytes
First seen:2020-06-04 06:36:56 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 12288:fjQdmG4Mkcp98Wwyv+eYpE84pr7z0HTPR0dAUvnO4tO1k2JOOn3HnpzD6b0Ul2:bI3QqjjMa2HND6b0U
TLSH BD654B99336072EEEB63E0F29D5C2D24E520E8FF874A750A5323356A9A1C453DF350B6
Reporter abuse_ch
Tags:AgentTesla img


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: elementplus.hk
Sending IP: 103.133.105.20
From: Anne Au <purchase@elementplus.hk>
Subject: RE: RE: Incorrect Account IBAN No. (Payment Rejected)
Attachment: Payment Transfer Sheet JPG.img (contains "Payment Transfer Sheet JPG.exe")

AgentTesla SMTP exfil server:
mail.ilclaw.com.ph:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
60
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-06-04 07:37:11 UTC
AV detection:
14 of 31 (45.16%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ew7g55hojutxeyt5kqhsyvbqt5zdoeegraw7kigjfi55e2e26ifq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

img 25be6ef4ee4d2772627d540f2c54309f72371086882df520c92a3bd2689af20b

(this sample)

AgentTesla

Executable exe df7c4243f9b8c7087628a1d52e81341e588e58695dfea9c02202266537e10540

  
Dropping
MD5 3daf0c670957f2002bfdac64dd744b2f
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 df7c4243f9b8c7087628a1d52e81341e588e58695dfea9c02202266537e10540

Comments