MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 605e9a9eb838657afce3ed9822e1e9e9f381f8fb6ebf7f361138ed082f87dc67. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 605e9a9eb838657afce3ed9822e1e9e9f381f8fb6ebf7f361138ed082f87dc67
SHA3-384 hash: 5b6aa18bec802a550d9b782062c9eb3fa959d72258d250320dcacb3cb54a14b8e86356f7a4db6201f7960fb071e4f3f2
SHA1 hash: 7822783033743332b08dec0dfd6298736c5713ad
MD5 hash: e8cb58ec08e1388dd79c194fd76bdf3c
humanhash: orange-oven-utah-three
File name:USD62,480.07 payment advice note for invoices.iso
Download: download sample
Signature AgentTesla
Create hunting rule
File size:751'616 bytes
First seen:2020-06-26 08:17:59 UTC
Last seen:Never
File type: iso
MIME type:application/x-iso9660-image
ssdeep 12288:SEWYuBQgNo1MTuOxYL1ITsHwDUyt3EgkRKvLaLw91iBKvF+uAY:ntIouYueWd3EzRKvOei2Fr
TLSH 87F4BF22E2E04832F052157D9D3BD6785A26BD503D685A462BF8FD0CAF35F81352E2B7
Reporter abuse_ch
Tags:AgentTesla iso


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: 150-95-112-115.conoha.io
Sending IP: 150.95.112.115
From: Miss Maria - Accounts Dept HSBC<treybd@gmail.com>
Subject: payment advice note from 26.06.2020
Attachment: USD62,480.07 payment advice note for invoices.iso (contains "USD62,480.07 payment advice note for invoices.exe")

AgentTesla SMTP exfil server:
mail.khedr-eg.com:587

AgentTesla SMTP exfil email address:
mohamed@khedr-eg.com

Intelligence

File Origin
# of uploads :
1
# of downloads :
74
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Win32.Injector.EMHU.4343.UNOFFICIAL
Create hunting rule

PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/605e9a9eb838657afce3ed9822e1e9e9f381f8fb6ebf7f361138ed082f87dc67/
Threat name:
Win32.Trojan.FormBook
Create hunting rule
Status:
Malicious
First seen:
2020-06-26 08:19:04 UTC
AV detection:
19 of 30 (63.33%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=mbpjvhvyhbsxv7hd5wmcfypj5hzyd6h3n27x6nqrhdwqql4h3rtq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

iso 605e9a9eb838657afce3ed9822e1e9e9f381f8fb6ebf7f361138ed082f87dc67

(this sample)

AgentTesla

Executable exe c66b164cb1120ffc2e7cf33e6aae762ff03e95902a7ec0066c70b3014edf8a37

  
Dropping
MD5 030c38ca3e76a1b40ef3d60898ab7955
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 c66b164cb1120ffc2e7cf33e6aae762ff03e95902a7ec0066c70b3014edf8a37

Comments