MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 62bb08b67351aa4c377072706b4c83e52db488498e82a6de0f1619c846b2fcb1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 62bb08b67351aa4c377072706b4c83e52db488498e82a6de0f1619c846b2fcb1
SHA3-384 hash: 353b196875e4d3441d15d4d93220ae646c1ab77289b5054b2eea63fcf69124b48c47fe851cf7b1a3080f4aacecb04edb
SHA1 hash: b38af8893dee650a212cdeff4ddaeb1ff4e2b413
MD5 hash: 80946bf17dd05bdfba5ada474f990ef4
humanhash: oklahoma-alpha-connecticut-kilo
File name:NEW_ORDER.IMG
Download: download sample
Signature AgentTesla
Create hunting rule
File size:2'162'688 bytes
First seen:2020-04-30 08:16:37 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 24576:/4lavt0LkLL9IMixoEgea7OuNUJBubZsgGaTBnz1gq9MmCS:6kwkn9IMHea7OuNUJUbZsgvTBneaPCS
TLSH 88A5CF03339D82A5D27E5133BA15B701AE7B78250561F4FB2FBB0639AA101E14E1E76F
Reporter abuse_ch
Tags:AgentTesla img


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mail.beoxies.ga
Sending IP: 94.177.242.23
From: IMPORT M.Polk D.O.O<donatella@fabiorusconi.it>
Subject: Re: New Order
Attachment: NEW_ORDER.IMG (contains "New order po #008110.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
74
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27686.AidExe.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.27684.AidExe.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-04-30 18:03:59 UTC
File Type:
Binary (Archive)
Extracted files:
12
AV detection:
18 of 31 (58.06%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=mk5qrnttkgveyn3qojygwted4uw3jccjr2bknxqpcym4qrvs7syq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

img 62bb08b67351aa4c377072706b4c83e52db488498e82a6de0f1619c846b2fcb1

(this sample)

AgentTesla

Executable exe c148d7544c90541afc565d03219b8c579ac18a52b1baa3e70eb22bf12cc9a96e

  
Dropping
MD5 5b5553299f65c7b8fb22dadb2421bf49
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 c148d7544c90541afc565d03219b8c579ac18a52b1baa3e70eb22bf12cc9a96e

Comments