MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 66da60c130a9ae87762c2d8d42028ccd274b6bdf31a7b7297b647ce419199ca6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 66da60c130a9ae87762c2d8d42028ccd274b6bdf31a7b7297b647ce419199ca6
SHA3-384 hash: 4c26df515e400410bbfc2324eb0b73e28cc4aac5369a439570627ec9850d6649b3337116598ee2e76cd1c81999f106bb
SHA1 hash: f9144b9a92cde23f1d5f8cf69f5c2dbb8e0efedd
MD5 hash: 16b5d7321d686a2c0b2e91fa020ebdae
humanhash: pasta-xray-spaghetti-rugby
File name:informe bancario.img
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'572'864 bytes
First seen:2020-07-01 06:25:49 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 24576:eOPXUWD6wEc0bp8RoMTKTNTEe7S6w2tl:e9+EFFhMYl7S6jtl
TLSH A4759D22E2D28837D17326788D5BB395983ABE10FD7858867BE90D4C5F386817C353A7
Reporter abuse_ch
Tags:AgentTesla img


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mail.novasolutions.com.ec
Sending IP: 192.99.233.222
From: PAGOS <pago_navieras@torresytorres.com>
Subject: Re: DEVOLUCIÓN DE PAGO TT (Ref 0180066743)
Attachment: informe bancario.img (contains "informe bancario.pdf.exe")

AgentTesla SMTP exfil server:
mail.arigmed.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
74
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

SecuriteInfo.com.Trojan.Delf.FareIt.Gen.4.12257.1718.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/66da60c130a9ae87762c2d8d42028ccd274b6bdf31a7b7297b647ce419199ca6/
Threat name:
Win32.Trojan.DelfFareIt
Create hunting rule
Status:
Malicious
First seen:
2020-07-01 06:27:05 UTC
AV detection:
17 of 29 (58.62%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=m3ngbqjqvgxio5rmfwgueaumzutuw267ggt3okl3mr6oigiztsta._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

img 66da60c130a9ae87762c2d8d42028ccd274b6bdf31a7b7297b647ce419199ca6

(this sample)

AgentTesla

Executable exe 55ab79c9e4c0bf193dce0259310aee546bedd4b1f855bfd62a1cba8833134354

  
Dropping
MD5 088c78ca3a6515af7a9c31bd13809919
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 55ab79c9e4c0bf193dce0259310aee546bedd4b1f855bfd62a1cba8833134354

Comments