MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 557967fb46e81c3a80c8c989c29d51171923896214f14441245bc8352031cfb0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 557967fb46e81c3a80c8c989c29d51171923896214f14441245bc8352031cfb0
SHA3-384 hash: ff4aeaafa0f7496f3871fd1fc8d7ea4a5827850068aec74f04ccb5ff820adc8bae81497af638b9837f7999ea1d3f506e
SHA1 hash: 065aa1cffed88e11759807f18567b0f7e37d0ae0
MD5 hash: 4c097b977a7816398d58379f4cc48a3d
humanhash: east-bakerloo-delaware-vermont
File name:QUOTATION.IMG
Download: download sample
Signature AgentTesla
Create hunting rule
File size:2'162'688 bytes
First seen:2020-05-11 08:53:45 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 24576:etb20pkaCqT5TBWgNQ7anQ4l9xFP0tAznrl/18yVRRAMmtJ6A:LVg5tQ7anP9L82z5/6yWFn5
TLSH 07A5E01273DEC360C7B25273BA2577026EBB782506B1F96B2FD8093DB920161525EB73
Reporter abuse_ch
Tags:AgentTesla img


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: gmail.com
Sending IP: 104.168.202.76
From: Mary Kon <faithpurchase2010@gmail.com>
Reply-To: Mary Kon <faithpurchase2010@gmail.com>
Subject: REQUEST FOR QOUTATION
Attachment: QUOTATION.IMG (contains "QUOTATION.exe")

AgentTesla SMTP exfil server:
smtp.goldenfance.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
76
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27686.AidExe.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.PSW.Agent.BORA.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-11 09:36:26 UTC
File Type:
Binary (Archive)
AV detection:
21 of 48 (43.75%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=kv4wp62g5aodvagizge4fhkrc4mshclcctyuiqjelpedkibrz6ya._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

img 557967fb46e81c3a80c8c989c29d51171923896214f14441245bc8352031cfb0

(this sample)

AgentTesla

Executable exe 9425f9a54ad43dca39af1cd5f86eb4570927c5ee5d21cbe69e9ed2774fc1f676

  
Dropping
MD5 43b3ba7e1f0efb4bf143a32fba872393
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 9425f9a54ad43dca39af1cd5f86eb4570927c5ee5d21cbe69e9ed2774fc1f676

Comments