MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 447b75b5c6a3ad14eea4a3315cf59a0035c2e4d12d2e79539694bafbe8ca85d6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 5



SHA256 hash: 447b75b5c6a3ad14eea4a3315cf59a0035c2e4d12d2e79539694bafbe8ca85d6
SHA3-384 hash: ec1c98323de0a04365aceed42fc4a63806af3bbb6a5bcdb50d9b2f711a9e56623cd8a3a79ef599fec6c8eab5504d6791
SHA1 hash: fd3a505c86307ec02dc1fcd4614eefcf1c73fff5
MD5 hash: 11db9883027109e3797a47cc56891708
humanhash: cat-venus-venus-delta
File name: SWIFT.IMG
Signature: AgentTesla
File size: 1'703'936 bytes
First seen: 2021-01-18 18:14:43 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 24576:MQW/YFytdqdJxL5ZC5tYx2+Eto03ewXk4kJdyZSt:HeAdJxromx2+vIeJvu8
TLSH: 6875AE251398DB21DBFCA7F9980051A037A9DE42F368E77CD9B6B0D66931D2804DEF81
Reporter: abuse_ch
Tags: AgentTesla img


abuse_ch
Malspam distributing unidentified malware:

HELO: webmail.cyber.net.pk
Sending IP: 203.101.175.37
From: Mohammad Talha Imam <carriers@cyber.net.pk>
Subject: FW: Dostavljanje SWIFT-a
Attachment: SWIFT.IMG (contains "SWIFT.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 114
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Threat name: Win32.Trojan.Pwsx
Status: Malicious
First seen: 2021-01-18 18:15:08 UTC
AV detection: 5 of 46 (10.87%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

img 447b75b5c6a3ad14eea4a3315cf59a0035c2e4d12d2e79539694bafbe8ca85d6

(this sample)

  
Delivery method: Distributed via e-mail attachment
