MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 613543d1b0e6fcd3958ccd5353a6782dc165670e0b1f927eed71f1a80e5bd8db. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 613543d1b0e6fcd3958ccd5353a6782dc165670e0b1f927eed71f1a80e5bd8db
SHA3-384 hash: 0d7b943ee9310e023208dde593dcd95c4452b21e60af57dd5a8abe83a551478889b05e3f32555483891a8315158bf06c
SHA1 hash: cb02b44df923a592213bcd648ac71b59d43ed6f4
MD5 hash: bdb4d10faf4bc4fb59d01a82c44e54a8
humanhash: salami-coffee-double-moon
File name:INV048194 1310202_DSV Loading_PDF.img
Download: download sample
Signature AgentTesla
Create hunting rule
File size:720'896 bytes
First seen:2020-10-14 14:26:28 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 12288:ufoiNwgV7O95HpmhOKYZa6DrLkGZ47rt9otsscy8vus9uzZSV2UZWDaQ:ufoOVy95HpmNUa6DrLkGZ47NscNvNZWD
TLSH A0E4AE4A3F81AE0EFA2D4C71C43D193C9290E15A7287F347E526A5D47E4E36DAE021F6
Reporter abuse_ch
Tags:AgentTesla img


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: srv.macrolabserver.com
Sending IP: 46.30.241.166
From: Vincenzo Pugliese <vincenzo.pugliese@it-dsv.com>
Subject: Loading- n. ordine 3042495
Attachment: INV048194 1310202_DSV Loading_PDF.img (contains "INV#048194 1310202_DSV Loading_PDF.exe")

AgentTesla FTP exfil server:
trend.fischer-landmaschinen.me:21

Intelligence

File Origin
# of uploads :
1
# of downloads :
73
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.PWS.Siggen2.57246.17364.20002.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/613543d1b0e6fcd3958ccd5353a6782dc165670e0b1f927eed71f1a80e5bd8db/
Threat name:
ByteCode-MSIL.Trojan.Zmutzy
Create hunting rule
Status:
Malicious
First seen:
2020-10-13 17:26:57 UTC
AV detection:
12 of 48 (25.00%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=me2uhunq436nhfmmzvjvhjtyfxawkzyobmpze7xnohy2qds33dnq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/613543d1b0e6fcd3958ccd5353a6782dc165670e0b1f927eed71f1a80e5bd8db

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

img 613543d1b0e6fcd3958ccd5353a6782dc165670e0b1f927eed71f1a80e5bd8db

(this sample)

AgentTesla

Executable exe 90e924dabd3353c5a2ed1c8e623260c1589042eb472df640b22d4e41d75db920

  
Dropping
MD5 d40b80c7d7476d7ac9e1b73decee289f
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 90e924dabd3353c5a2ed1c8e623260c1589042eb472df640b22d4e41d75db920

Comments