MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 421af913ce96aac2aa5756219a5c6c2aba60d1db425320dab8e1c5c18ee0933e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 421af913ce96aac2aa5756219a5c6c2aba60d1db425320dab8e1c5c18ee0933e
SHA3-384 hash: 9e21caddfee8d5dec1e6843782fbd9c28aa1757e7b552d73e350a2845fb1f405861ce56d7a8816562aba8c97eb6d4b84
SHA1 hash: 70e7f93f6d866c3d0afc6e89fe0c1e120deb5014
MD5 hash: 918db61c740aaa62831c58c10f782462
humanhash: mango-artist-eight-north
File name:efs-specialist.img
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'245'184 bytes
First seen:2020-05-11 14:38:38 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 12288:BrHxKtZcUeVRPzY4RJrIV5vSuZmq/EPNpOvWKXj/+8:B9KXc/tzYqJrIzSAUuWAb+
TLSH 5D45BE4122AC17A5E47997F458B1A411C7B2BD2B79B8D35E6D9A30CA0BF3F81C841F27
Reporter abuse_ch
Tags:AgentTesla img


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: fwd-out.cmp.livemail.co.uk
Sending IP: 213.171.216.210
From: sales <irgen@efs-specialist.co.uk>
Reply-To: irgen@efs-specialist.co.uk
Subject: New Order inqiury
Attachment: efs-specialist.img (contains "efs-specialist.exe")

AgentTesla SMTP exfil server:
business43.web-hosting.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
74
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-12 01:46:50 UTC
AV detection:
15 of 31 (48.39%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=iinpse6os2vmfksxkyqzuxdmfk5gbuo3ijjsbwvy4hc4ddxasm7a._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

img 421af913ce96aac2aa5756219a5c6c2aba60d1db425320dab8e1c5c18ee0933e

(this sample)

AgentTesla

Executable exe 5625e5bd375d6e8a6584b960c3e152623ad56531937c26d38132253dce03311f

  
Dropping
MD5 dbe5bc4369fab960e3f4eddf19697b61
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 5625e5bd375d6e8a6584b960c3e152623ad56531937c26d38132253dce03311f

Comments