MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 655a1ff51a155b07c9810ca7548970f8a3ae1cda3442fca5782211710d812cfc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 655a1ff51a155b07c9810ca7548970f8a3ae1cda3442fca5782211710d812cfc
SHA3-384 hash: 73a5f6026a4367a06ba4c1be8e9196afb8deca3c55788ca6290b4759940b1a9b3f13e224ad37212d924402199b9c582a
SHA1 hash: 1a9f7bfdabae669417077b0f2d97445f3e8f54ff
MD5 hash: 88c733755152497eb2ddc7e425da2461
humanhash: massachusetts-queen-two-iowa
File name:CATALOG RMK TRADING LTD 0028_PDF.img
Download: download sample
Signature AgentTesla
Create hunting rule
File size:915'456 bytes
First seen:2020-08-18 06:27:27 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 12288:IOuGVIsTJ3CwGZJ6f4lxJP2VXcD6BYdu2r6DYG/mFO+Hw/+qafUisULO/Zxx:51JlkEAj1SXc0M6DYG8O+Hw2B1+//x
TLSH 91150161F640E640C8381172D59A82850369BDE5E9B0F63F7CCDB36B5BB32D48A16FC6
Reporter abuse_ch
Tags:AgentTesla img


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: grabenhorst.de
Sending IP: 193.142.59.68
From: Carlos RMK <carlosrmk@grabenhorst.de>
Subject: INQUIRY/RFQ
Attachment: CATALOG RMK TRADING LTD 0028_PDF.img (contains "CATALOG RMK TRADING LTD 0028_PDF.exe")

AgentTesla FTP exfil server:
trend.fischer-landmaschinen.me:21

AgentTesla FTP exfil user name:
troopss@fischer-landmaschinen.me

Intelligence

File Origin
# of uploads :
1
# of downloads :
67
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/655a1ff51a155b07c9810ca7548970f8a3ae1cda3442fca5782211710d812cfc/
Threat name:
ByteCode-MSIL.Trojan.NanoBot
Create hunting rule
Status:
Malicious
First seen:
2020-08-18 06:29:07 UTC
AV detection:
15 of 48 (31.25%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=mvnb75i2cvnqpsmbbstvjclq7cr24hg2grbpzjlyeiixcdmbft6a._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

img 655a1ff51a155b07c9810ca7548970f8a3ae1cda3442fca5782211710d812cfc

(this sample)

AgentTesla

Executable exe 8393479c86a17c22b5c1e4f0cec4e9fd3f845d089d655175d3e6283923d4f3be

  
Dropping
MD5 78b01a5d738ffa9675277aa706f3b9a7
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 8393479c86a17c22b5c1e4f0cec4e9fd3f845d089d655175d3e6283923d4f3be

Comments