MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 58d009b25a761727f04a42f13121a79d75ff286cd1f63852afdb781be5ae9bc8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	58d009b25a761727f04a42f13121a79d75ff286cd1f63852afdb781be5ae9bc8
SHA3-384 hash:	16f2da888e6a1fba11103c99d9474d7a0663eab691c83c8a7afeaeeee700dab93c083d80f02e64f0c2a95f5cb7456028
SHA1 hash:	d5b0aaebc115e944f085190f1d3018b6a56f973d
MD5 hash:	e7a47e0349b92d39ae4cae706da73db3
humanhash:	dakota-cat-march-avocado
File name:	order_900000000000000.img
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	2'521'088 bytes
First seen:	2020-05-27 12:33:22 UTC
Last seen:	Never
File type:	img
MIME type:	application/x-iso9660-image
ssdeep	12288:5GSPEt6p30O2UmxNimXDlKFLIbsL1swv91SrSlPq2Jwz38OX:oSLp30ORibql1swHC2eQ
TLSH	72C53D23ED458647E02803FCF86A1DB56A6E2705F543ABFE607A0FCE2E015661E8717D
Reporter	abuse_ch
Tags:	AgentTesla geo img TUR

abuse_ch

Malspam distributing AgentTesla:

HELO: batiotomotiv.com.tr
Sending IP: 131.153.50.147
From: Osmangazi import <ikayhan@batiotomotiv.com.tr>
Subject: Re:Re:Re: siparişi
Attachment: order_900000000000000.img (contains "order_900000000000000.exe")

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.CAP_HookExKeylogger.25973.4586.UNOFFICIAL

Result

Threat name:

AgentTesla

Detection:

malicious

Classification:

troj.spyw.evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/364459

Behaviour

Behavior Graph:

n/a

Gathering data

Threat name:

ByteCode-MSIL.Trojan.Geniso

Status:

Malicious

First seen:

2020-05-27 12:37:30 UTC

File Type:

Binary (Archive)

Extracted files:

AV detection:

13 of 48 (27.08%)

Threat level:

2/5

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

img 58d009b25a761727f04a42f13121a79d75ff286cd1f63852afdb781be5ae9bc8

(this sample)

AgentTesla

exe f317843c047e64474a2c0a9207f70f67a4cc9298065a3611d947f186d6733fb7

Dropping

MD5 04147dc4f5fe55e54465c49d067bcb68

Dropping

AgentTesla

Delivery method

Distributed via e-mail attachment

Dropping

SHA256 f317843c047e64474a2c0a9207f70f67a4cc9298065a3611d947f186d6733fb7

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample