MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4831e4687c757ad5ffb043322ba61fed6e89968026c77b6d2e1f11806061f78c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4831e4687c757ad5ffb043322ba61fed6e89968026c77b6d2e1f11806061f78c
SHA3-384 hash: 0464b8822e8422fd72ac7b0cc93eab3098b02e562397f149ced8318c07120fa388dd677a41180aaf2c18e8fff21331bc
SHA1 hash: 016bb5a6316c5058a2f3a328e39a49ada959ffc7
MD5 hash: 43ad56e8a4a44ba829521acec6583cbf
humanhash: georgia-failed-apart-ten
File name:SWIFT_DBS_9001_slip0034_USD53,944.05.iso
Download: download sample
Signature AgentTesla
Create hunting rule
File size:739'328 bytes
First seen:2020-06-26 11:53:48 UTC
Last seen:Never
File type: iso
MIME type:application/x-iso9660-image
ssdeep 12288:8KCw+4gU8iIMtWEbdDtl3rsqFqeFKOSbusnuMZTHZ2/jZU1VjSipI:8VeCkbfFuXbuFMH89
TLSH 2AF4AF26E6904433CF62267D9C1B5378782A7D71292B7B463BECED4C5F352423B26287
Reporter abuse_ch
Tags:AgentTesla iso


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: 150-95-112-115.conoha.io
Sending IP: 150.95.112.115
From: Miss Maria - Accounts Dept HSBC<treybd@gmail.com>
Subject: payment advice note from 26.06.2020
Attachment: SWIFT_DBS_9001_slip0034_USD53,944.05.iso (contains "SWIFT_DBS_9001_slip0034_USD53,944.05.exe")

AgentTesla SMTP exfil server:
mail.khedr-eg.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
81
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Packer.BorlandDelphi-15
Create hunting rule

PUA.Win.Packer.BorlandDelphi-1
Create hunting rule

PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

SecuriteInfo.com.Win32.Herz.B.20271.12226.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/4831e4687c757ad5ffb043322ba61fed6e89968026c77b6d2e1f11806061f78c/
Threat name:
Win32.Trojan.FormBook
Create hunting rule
Status:
Malicious
First seen:
2020-06-26 11:55:06 UTC
AV detection:
18 of 31 (58.06%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=jay6i2d4ov5nl75qimzcxjq75vxitfuae3dxw3jod4iyaydb66ga._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

iso 4831e4687c757ad5ffb043322ba61fed6e89968026c77b6d2e1f11806061f78c

(this sample)

AgentTesla

Executable exe 0a1ca91d04ec61da5e293f32d26ea3895d35575f1be5f699018ed683e9b097f1

  
Dropping
MD5 5af7dc2440235ed7a2ad65fcfb6ced47
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 0a1ca91d04ec61da5e293f32d26ea3895d35575f1be5f699018ed683e9b097f1

Comments