MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 33748cbe32b703c8fb38fc89a8d3e7312ec9b326c6ac137f3c9cc2b895a76dbf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: AgentTesla
Vendor detections: 3

SHA256 hash: 33748cbe32b703c8fb38fc89a8d3e7312ec9b326c6ac137f3c9cc2b895a76dbf
SHA3-384 hash: 3a29f0b464e65fa5b002570d32c83e28faa864404a2759d1492c6f81d7b51f4688c60f05d6d1dfb5a349e70070f9a13d
SHA1 hash: 557ab67ba189ed10bbbbc8eba70bb24106b249c9
MD5 hash: 1f3b2bd253a5857db86653ba44745cfb
humanhash: eight-bulldog-lactose-edward
File name: Payment swift copy.IMG.iso
Signature: AgentTesla
File size: 876'544 bytes
First seen: 2020-08-18 11:44:28 UTC
Last seen: Never
File type: iso
MIME type: application/x-iso9660-image
ssdeep: 12288:n+p7p8KESESHe4/gD6WDSqWl/LDGTGM5irKAKDkhV/jNM8Z8NwER:WtRES4DBSq2KG2b/YhV/xrZe
TLSH: D115AF26B2E0443FD067153D9D0B97B4783ABE202E289D866BF55C4F4F3D68139392A3
Reporter: abuse_ch
Tags: AgentTesla HSBC iso

Comment by abuse_ch:

Malspam distributing AgentTesla:

HELO: swn0.pinotvineryms.ga
Sending IP: 134.209.153.18
From: "HSBC BANK " <info@pinotvineryms.ga>
Subject: Re: Payment swift copy 18/08/2020- Swift Ref:[SWFA31093538] / ACH credits / Customer Ref:[HX985310810741] / Second Party Ref:[24]
Attachment: Payment swift copy.IMG.iso (contains "pc1.exe")

AgentTesla SMTP exfil server:
smtp.visgring.com:587

Intelligence

File Origin
# of uploads: 1
# of downloads: 53
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.FormBook
Status: Malicious
First seen: 2020-08-18 11:46:07 UTC
AV detection: 15 of 29 (51.72%)
Threat level: 5/5

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample, such as delivery method and external references.

Malspam: AgentTesla
  iso 33748cbe32b703c8fb38fc89a8d3e7312ec9b326c6ac137f3c9cc2b895a76dbf (this sample)
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment

Comments