MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 318dc447444eae0a0b26dbf5f28ca77c50722aec7139822f728de92f0506dec9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 7


Intelligence 7 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 318dc447444eae0a0b26dbf5f28ca77c50722aec7139822f728de92f0506dec9
SHA3-384 hash: e9271f30a104d494098e47f1b438400dc0cba4efe9d1a77adc20612f386ff88bf39511f6c80df859f286e26fc562ccc3
SHA1 hash: 210d28411fad65fef2deeaf3f1d8ca1ed3313fd1
MD5 hash: 90c3ef12b4f7d2850fada7144499b9eb
humanhash: monkey-oranges-alabama-crazy
File name:SOA.IMG
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'245'184 bytes
First seen:2023-08-02 06:49:49 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 12288:bpiRSej8BonVvRyaPuzrfMChwVEv44jZVMri5OVp9fw0z41MUNhHHKm7PH:bpiR3wyVv4aW8yyE53OVLwugMEHKg/
TLSH T1CF451244B2BA9518F9C72E73832D52019CD9DDB7609CAA02FB9ECD36DF450B0499AF70
TrID 50.6% (.ISO/UDF) UDF disc image (2114500/1/6)
49.0% (.NULL) null bytes (2048000/1)
0.1% (.ATN) Photoshop Action (5007/6/1)
0.0% (.ISO) ISO 9660 CD image (2545/36/1)
0.0% (.BIN/MACBIN) MacBinary 1 (1033/5)
Reporter cocaman
Tags:AgentTesla img payment


Avatar
cocaman
Malicious email (T1566.001)
From: "morshed@nahee.com.bd" (likely spoofed)
Received: "from nahee.com.bd (unknown [94.156.161.221]) "
Date: "01 Aug 2023 13:09:19 +0200"
Subject: "RE: Urgent - Payment Overdue SOA"
Attachment: "SOA.IMG"

Intelligence

File Origin
# of uploads :
1
# of downloads :
92
Origin country :
CH CH
File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name:IJ4S2O2O.EXE
File size:643'584 bytes
SHA256 hash: 8678f9a3ecfd06cd0f5f2ecd34414ccfd0dc475b8f7d4269e330b5935a8e8f99
MD5 hash: 68a6b3ebce37c9acf86a924e7c98ef73
MIME type:application/x-dosexec
Signature AgentTesla
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Win64.TrojanX-gen.27636.18626.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
context-iso packed packed
Link:
https://www.filescan.io/uploads/64c9fc9b94fb102ea38bf864/reports/bc7f494d-72df-4126-b9fc-f93325c8c369/overview
Verdict:
Malicious
Labled as:
Possibl.E94332FB
Link:
https://www.hybrid-analysis.com/sample/318dc447444eae0a0b26dbf5f28ca77c50722aec7139822f728de92f0506dec9
Result
Verdict:
MALICIOUS
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/318dc447444eae0a0b26dbf5f28ca77c50722aec7139822f728de92f0506dec9/
Threat name:
ByteCode-MSIL.Trojan.LummaStealer
Create hunting rule
Status:
Malicious
First seen:
2023-08-01 10:15:46 UTC
File Type:
Binary (Archive)
Extracted files:
4
AV detection:
18 of 37 (48.65%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ggg4ir2ej2xauczg3p27fdfhprihekxmoe4yel3srxus6big33eq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/318dc447444eae0a0b26dbf5f28ca77c50722aec7139822f728de92f0506dec9

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:INDICATOR_EXE_Packed_Fody
Create hunting rule
Author:ditekSHen
Description:Detects executables manipulated with Fody

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

img 318dc447444eae0a0b26dbf5f28ca77c50722aec7139822f728de92f0506dec9

(this sample)

AgentTesla

Executable exe 8678f9a3ecfd06cd0f5f2ecd34414ccfd0dc475b8f7d4269e330b5935a8e8f99

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 8678f9a3ecfd06cd0f5f2ecd34414ccfd0dc475b8f7d4269e330b5935a8e8f99

Comments