MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 68d351ac3a79671d528c97e15fb17655699a6478e8e323c258ba45fc31d6c7e9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 68d351ac3a79671d528c97e15fb17655699a6478e8e323c258ba45fc31d6c7e9
SHA3-384 hash: 611144de7536586f8d311c1aaf08b91faa8a2d4b5dd01ccda270629e829ee39a4dde786e9b31113fee6c38fc9e81535c
SHA1 hash: 2a9186391e67c2ef7208b8d07c3b96623c193a13
MD5 hash: 613c9e1e5ef943ae5066b64880e10c09
humanhash: magazine-ink-angel-montana
File name:PBE120952.IMG
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'507'328 bytes
First seen:2020-08-31 10:23:17 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 24576:MFDa7IGAvxS8FZ+neJvpHEurgwkPn68ac:M5GAvzFZyeTEV689
TLSH C365D013131E9B2ED80877B9349000DCE2F16F41EE35E1D8FD4B31EA696A24EB5DD692
Reporter abuse_ch
Tags:AgentTesla img


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: hwc-hwp-598099-769741
Sending IP: 104.168.151.81
From: info@abynteck.com<info@abynteck.com>
Subject: RESEND ORDER PO-120952
Attachment: PBE120952.IMG (contains "PBE6VJP2ZrQDWt7.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
69
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Generic.HEUR.QVM03.0.9B4E.Malware.Gen.7434.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/68d351ac3a79671d528c97e15fb17655699a6478e8e323c258ba45fc31d6c7e9/
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ndjvdlb2pftr2uums7qv7mlwkvuzuzdy5drshqsyxjc7ymowy7uq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Trojan
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/68d351ac3a79671d528c97e15fb17655699a6478e8e323c258ba45fc31d6c7e9

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

img 68d351ac3a79671d528c97e15fb17655699a6478e8e323c258ba45fc31d6c7e9

(this sample)

AgentTesla

Executable exe d4ae48fcfcd165f6000f0a950d435c28df8f1f18a633d6f5882603bf1dee6e98

  
Dropping
MD5 4c1adb4fd0b4cd96fbad1a197cf33163
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 d4ae48fcfcd165f6000f0a950d435c28df8f1f18a633d6f5882603bf1dee6e98

Comments