MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 33be206fb0cae721a3447d4409f85228dfc66b6830a00dc6241e938736a40e3a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 33be206fb0cae721a3447d4409f85228dfc66b6830a00dc6241e938736a40e3a
SHA3-384 hash: 671e244328d98f2c71e6273382dd528b4be68a9ddefd3fa961afe441f0bc54d6ee15a61fd58b16a1a4f68c79458d18c2
SHA1 hash: 6b7528f4da8c43cb66879dbe71fbe43fa5a07ca2
MD5 hash: 4f86b73b6200a2fbb0953b4907e13d68
humanhash: low-golf-failed-mexico
File name:Quote U11156111 pdf.img
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'507'328 bytes
First seen:2020-10-27 10:24:45 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 12288:n2PyO6boF2ZCqEQ2YLRC6TCzyNzXtRtzXWZtWaUTkQOSRxXFqAfnBg2Egqmv:n2PT6bozDYLvmy1ijVCv
TLSH A36559D8FD13F59EC41684F5C99DDD6CAA10EF69030A8D02A01BF3595A39A5ECEC84F2
Reporter abuse_ch
Tags:AgentTesla img


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: ibmml.xpressgt.co.za
Sending IP: 154.70.130.26
From: Shanaaz Zimmery <admin2@milmining.co.za>
Subject: Fwd: ENQUIRY
Attachment: Quote U11156111 pdf.img (contains "PO#GHY5678_pdf.scr")

Intelligence

File Origin
# of uploads :
1
# of downloads :
81
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Heur.26013.26438.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/33be206fb0cae721a3447d4409f85228dfc66b6830a00dc6241e938736a40e3a/
Threat name:
ByteCode-MSIL.Trojan.Woreflint
Create hunting rule
Status:
Malicious
First seen:
2020-10-27 06:20:05 UTC
AV detection:
8 of 29 (27.59%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=go7ca35qzltsdi2epvcat6csfdp4m23igcqa3rred2jyonveby5a._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

img 33be206fb0cae721a3447d4409f85228dfc66b6830a00dc6241e938736a40e3a

(this sample)

AgentTesla

Executable exe aa4f4f8ac48785ec451782742032ae5055d653cf1ebfbdfc46cc3c24b3af77c2

  
Dropping
MD5 268bdd8235af5de46ad4091d7a10153b
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 aa4f4f8ac48785ec451782742032ae5055d653cf1ebfbdfc46cc3c24b3af77c2

Comments