MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 44f663eeb66184ce6236d3a89a9d03579309dcf45aa1e370fe2e4250340816e2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 6



SHA256 hash: 44f663eeb66184ce6236d3a89a9d03579309dcf45aa1e370fe2e4250340816e2
SHA3-384 hash: b55186c75b2ae68e9e7f79563f57229596e1b3bb8df7f4fe7450b9b831ae306aae518a40df7554d817f45c926e7f2e81
SHA1 hash: a146694ca76a6f462f19e336c7cecce39630c50c
MD5 hash: cecfb2fd1bf4aba031e54763130c22b7
humanhash: ohio-london-ten-artist
File name: JB Quote.img
Signature: AgentTesla
File size: 1'245'184 bytes
First seen: 2022-05-18 06:47:41 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 12288:qsWsFYvNRmxgcmomM8UHTivxZTuRV4FSxT8QwD5BRxv:qsWsFqvmmcmoziJZO4FoT8DD5BR
TLSH: T11445120A715CA727D4BC7FF9105122A443B5E52B7015EB6C3FCE81DA7BAAB402660B4F
TrID: 99.6% (.NULL) null bytes (2048000/1)
      0.2% (.ATN) Photoshop Action (5007/6/1)
      0.0% (.BIN/MACBIN) MacBinary 1 (1033/5)
      0.0% (.ABR) Adobe PhotoShop Brush (1002/3)
      0.0% (.SMT) Memo File Apollo Database Engine (88/84)
Reporter: cocaman
Tags: AgentTesla img QUOTATION


cocaman
Malicious email (T1566.001)
From: "Shanmugam <shanmugam@almutlaqest.com>" (likely spoofed)
Received: "from almutlaqest.com (unknown [45.137.22.111]) "
Date: "17 May 2022 19:26:55 +0200"
Subject: "RE: Sales Quotation"
Attachment: "JB Quote.img"

Intelligence


File Origin
# of uploads: 1
# of downloads: 256
Origin country: n/a

Vendor Threat Intelligence
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: obfuscated packed replace.exe wacatac

Result
Verdict: MALICIOUS
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2022-05-17 14:15:07 UTC
File Type: Binary (Archive)
Extracted files: 12
AV detection: 18 of 26 (69.23%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

img 44f663eeb66184ce6236d3a89a9d03579309dcf45aa1e370fe2e4250340816e2 (this sample)

Delivery method: Distributed via e-mail attachment
Dropping: AgentTesla
