MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 432e5d397a02a6f2cd3767aeade4baa595a27a8dabec5d8b8acc8bb9439549af. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 432e5d397a02a6f2cd3767aeade4baa595a27a8dabec5d8b8acc8bb9439549af
SHA3-384 hash: fd0dc9963dabccf740b80f6aa6b95b599c58e1123fd49cbbbb080fce2e3399ad0f60df236559320b49c091182eb36ffd
SHA1 hash: cfc0f5b9f42e23609928281aa2e87cc25601698e
MD5 hash: e055913125eb97a6cdecb5f3e97491d4
humanhash: charlie-ink-fruit-fillet
File name:ADDR0067-P001A.IMG.iso
Download: download sample
Signature AgentTesla
Create hunting rule
File size:329'728 bytes
First seen:2020-10-23 08:54:15 UTC
Last seen:Never
File type: iso
MIME type:application/x-iso9660-image
ssdeep 6144:QeLmR27vD7itwuLr95+lWSyoEMQRzSeq+RO/kFEPH:Q2Xw/qmoEMQ5Seq+RO/kFEP
TLSH 09646C4A3784318FCA62E471C5542E2CF731E1266317D257E11B92E8AFCE7AEDE011B6
Reporter abuse_ch
Tags:AgentTesla iso Telegram


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: nginxproxy.fleming.events
Sending IP: 195.168.10.2
From: Ertina Chan <saleseurope@dynamic-test.com>
Reply-To: Ertina Chan <scotmcnamam@gmail.com>
Subject: RFQ for ATTACHED P/N# ADDR0067-P001A
Attachment: ADDR0067-P001A.IMG.iso (contains "ADDR0067-P001A.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
90
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Variant.Razy.418805.2385.23370.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/432e5d397a02a6f2cd3767aeade4baa595a27a8dabec5d8b8acc8bb9439549af/
Threat name:
Win32.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-10-23 07:37:14 UTC
AV detection:
13 of 29 (44.83%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=imxf2ol2aktpftjxm6xk3zf2uwk2e6unvpwf3c4kzsf3sq4vjgxq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

iso 432e5d397a02a6f2cd3767aeade4baa595a27a8dabec5d8b8acc8bb9439549af

(this sample)

AgentTesla

Executable exe 2d65f98577cae0d1e463145ab9394a5cc02605d9b6e46e4f98bcaa340d38a3f5

  
Dropping
MD5 2129d75d6bf0a79290937be1854bebde
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 2d65f98577cae0d1e463145ab9394a5cc02605d9b6e46e4f98bcaa340d38a3f5

Comments