MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 43513fcb40c45ddd7ca797592ab2dade5723113484bc1b9cf9ded15ecdb19562. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 5



SHA256 hash: 43513fcb40c45ddd7ca797592ab2dade5723113484bc1b9cf9ded15ecdb19562
SHA3-384 hash: c6fde6efa6ec790cd3752671081102633f2f8701e34e796e4e17de7444fa96af62aafe14249bfb0565e6ef5d393a46fe
SHA1 hash: 193c4b3f2135005d98f473bafd54ca0344820aed
MD5 hash: 50eec4c07d1deadd5179a906111bd02b
humanhash: twelve-michigan-video-cat
File name: New Order_78947533.img
Signature: AgentTesla
File size: 1'036'288 bytes
First seen: 2022-03-14 14:47:25 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 24576:1KBQyuQBn1C2dRfngHg+KvWhv8gXjAU2xAhzA:1KBQiHHfgHgY/zRaAhzA
TLSH: T16F25F1A03E496FD1F9399BF0005A466F83E329663E13D9792EF42AC7061FF069465B13
Reporter: cocaman
Tags: AgentTesla img


cocaman
Malicious email (T1566.001)
From: "Melissa Debardelabon <Melissadebradelabon@innovant.com>" (likely spoofed)
Received: "from innovant.com (vps-zap888406-1.zap-srv.com [45.137.117.7]) "
Date: "14 Mar 2022 02:53:34 -0700"
Subject: "RE: New Enquiry From Mirage Consultancy Services"
Attachment: "New Order_78947533.img"

Intelligence


File Origin
# of uploads: 1
# of downloads: 216
Origin country: n/a
Vendor Threat Intelligence
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: fareit nanocore obfuscated packed
Result
Verdict: MALICIOUS
Threat name: Win32.Spyware.Noon
Status: Malicious
First seen: 2022-03-14 14:13:19 UTC
File Type: Binary (Archive)
Extracted files: 16
AV detection: 17 of 42 (40.48%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

img 43513fcb40c45ddd7ca797592ab2dade5723113484bc1b9cf9ded15ecdb19562 (this sample)

Delivery method: Distributed via e-mail attachment
