MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5336b780e3fbd07098d2843359070365046f3dc8b6806b569952f7d342c436c0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: AgentTesla
Vendor detections: 4



SHA256 hash: 5336b780e3fbd07098d2843359070365046f3dc8b6806b569952f7d342c436c0
SHA3-384 hash: a406ce86ba8ffd828720e5c0cb05aa55ebaee78a995369b8b996e1a292052136bf0c2aa97c841a6fbac2ac7d7c45f867
SHA1 hash: 6b38279dd2007e7ed53f7cdf05c7bec61ee9c0c4
MD5 hash: 3c6bab575c8ab03f30f4a0de35f08585
humanhash: vegan-sierra-muppet-november
File name: UHP RFQ E010 RFQ FOR DC UPS SYSTEM CUT OFF DATE 15 AUGUST 2020.IMG
Signature: AgentTesla
File size: 1'441'792 bytes
First seen: 2020-08-13 06:49:20 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 24576:1dr07y+jr03+l03++LLrxjMIFFdVJDa4m1mJLJfdmZ:Ay+f03+l03+6fxjMGdVJDZm1mBjmZ
TLSH: FF65CE1023E5556FE52A3A348E32571406767C926939C2C93ACF72CF9E3C7ED8710B6A
Reporter: abuse_ch
Tags: AgentTesla img


abuse_ch
Malspam distributing AgentTesla:

HELO: server.atlasofset-tr.com
Sending IP: 78.40.217.82
From: LEE JUN WOO <angalos@hec.co.kr>
Subject: URGENT [HYUNDAI MOTOR CCPP] DC & UPS SYSTEM / RFQ Issuance / Cut-off date : 2020-08-15
Attachment: UHP RFQ E010 RFQ FOR DC UPS SYSTEM CUT OFF DATE 15 AUGUST 2020.IMG (contains "UHP RFQ E010 RFQ FOR DC UPS SYSTEM CUT OFF DATE 15 AUGUST 2020.exe")

AgentTesla SMTP exfil server:
smtp.mitsoi.com:587

AgentTesla SMTP exfil email address:
missionary@mitsoi.com

Intelligence


File Origin
# of uploads: 1
# of downloads: 60
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Taskun
Status: Malicious
First seen: 2020-08-13 06:51:05 UTC
AV detection: 13 of 48 (27.08%)
Threat level: 5/5

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: AgentTesla
  img 5336b780e3fbd07098d2843359070365046f3dc8b6806b569952f7d342c436c0 (this sample)

Dropping: AgentTesla

Delivery method: Distributed via e-mail attachment

Comments