MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5559d0fc0a130ee4fdd07622562ea5f6cffab1a2b3416580cb2cac12d9915962. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5559d0fc0a130ee4fdd07622562ea5f6cffab1a2b3416580cb2cac12d9915962
SHA3-384 hash: 937de992c1fb7866765317d0fb4e1aacc436d19c7df399862f681a438261c735e5980e3dc373f3ca3c39ac0885da155f
SHA1 hash: 0b7e6aa08a84f8aa28e97727e4c37fba72ff1c5a
MD5 hash: 4891c41764e4915afeee6a5557069f67
humanhash: stairway-gee-delaware-colorado
File name:09874543.IMG.iso
Download: download sample
Signature AgentTesla
Create hunting rule
File size:409'600 bytes
First seen:2020-11-20 07:49:49 UTC
Last seen:Never
File type: iso
MIME type:application/x-iso9660-image
ssdeep 6144:XNIMBBzkIcRLvoi+ar6sSD4VWut7y8EAmg+S8:dIMX4IyDm06bD4kut79EAmDX
TLSH 18946CB4741A94A1F46B8A77A5F9BE5402737E87D9C72C0821ACF2521BF7392BD0244F
Reporter abuse_ch
Tags:iso


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: iserv.net
Sending IP: 193.142.59.157
From: magnumtol@iserv.net
Subject: RFQ
Attachment: 09874543.IMG.iso (contains "09874543.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
79
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
MALICIOUS
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/5559d0fc0a130ee4fdd07622562ea5f6cffab1a2b3416580cb2cac12d9915962/
Threat name:
Win32.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-11-20 02:38:34 UTC
AV detection:
16 of 29 (55.17%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=kvm5b7akcmhoj7oqoyrfmlvf63h7vmncwnawlaglfswbfwmrlfra._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

iso 5559d0fc0a130ee4fdd07622562ea5f6cffab1a2b3416580cb2cac12d9915962

(this sample)

AgentTesla

Executable exe 32a029c9eeef1d1b39d8ff5c7e11d6c67de049c2d0f5270b14372eae061d41e6

  
Dropping
MD5 d0220fa161a30af111f5f763b9d6054b
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 32a029c9eeef1d1b39d8ff5c7e11d6c67de049c2d0f5270b14372eae061d41e6

Comments