MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4a8719f2815ee448425795ec6b02edfb1e9d0c19918962892a62cee8df730f67. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 4a8719f2815ee448425795ec6b02edfb1e9d0c19918962892a62cee8df730f67
SHA1 hash: f49eaf76bf1981b1095d56e7744bb088d164ddd1
MD5 hash: 44acd4ac0ff52b0e01b0e662f3cda1b9
File name: PDF_437953793264.IMG
Signature: AgentTesla
File size: 2'031'616 bytes
First seen: 2020-05-22 13:37:13 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 24576:1tb20pkaCqT5TBWgNQ7aCtviVjcvQsY0nbLX5zoN01iRERxqesTB+c6A:mVg5tQ7aCNiVjcvdLN0Ni+N5
TLSH: D595CE1363DD8260C37E51737A167701AE7B782536A1FCFB2FD8093CA9201215E5A66F
Reporter: @abuse_ch
Tags: AgentTesla, img


Twitter
@abuse_ch
Malspam distributing AgentTesla:

HELO: mail.strongmailvault.com
Sending IP: 111.90.144.214
From: office@jinpao.us
Subject: Order14697
Attachment: PDF_437953793264.IMG (contains "favohhed.exe")

AgentTesla SMTP exfil server:
smtp.cnlcherm.com:587

Intelligence


Mail intelligence
Trap location and impact:
Germany (DE): Low
Global: Medium

# of uploads: 1
# of downloads: 19
Origin country: US
ClamAV: Sanesecurity.Malware.27686.AidExe.UNOFFICIAL, SecuriteInfo.com.PSW.Agent.BORA.UNOFFICIAL
VirusTotal results: 21.67%
ReversingLabs: No data

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
AgentTesla
img 4a8719f2815ee448425795ec6b02edfb1e9d0c19918962892a62cee8df730f67 (this sample)

Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
