MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 69c05979c538d7330d6926a2d6d43061c1df78ca895d6a216d181ca4c0628e95. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 69c05979c538d7330d6926a2d6d43061c1df78ca895d6a216d181ca4c0628e95
SHA3-384 hash: 70af54c97eea8467876cd9f9dab2d141cb0be0e1557dcdcdd2cc5ccf82c4ecf2559565aceea49a3325aa098d7cc079c5
SHA1 hash: fbe3624822bc52f0ebf83eedb6a602004d9e7ead
MD5 hash: d1efb26e406d49b94dfd1c8bc461338a
humanhash: mockingbird-princess-diet-lactose
File name:Request For Quotation.pdf.iso
Download: download sample
Signature AgentTesla
Create hunting rule
File size:890'880 bytes
First seen:2020-05-04 21:42:31 UTC
Last seen:Never
File type: iso
MIME type:application/x-iso9660-image
ssdeep 24576:EF/Ds4LoVX1hagvZVxFgxbDWcVPpiNYQ+:+JMbh9VxFgd6eqY
TLSH 9A15BF22B1904C37C1622A3F8C4B9764F92EBE51FE2866853BF91D4C5F397E13929187
Reporter abuse_ch
Tags:AgentTesla iso


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: acserviciosgenerales.com
Sending IP: 209.58.149.97
From: Sylvia Dcosta <administracion@acserviciosgenerales.com>
Subject: Request For Quotation - RFQ 05-0020
Attachment: Request For Quotation.pdf.iso (contains "Request For Quotation.pdf.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
83
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Dropper.Remcos-7759529-0
Create hunting rule

PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-04 22:36:35 UTC
File Type:
Binary (Archive)
Extracted files:
4
AV detection:
24 of 48 (50.00%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=nhafs6ofhdltgdlje2rnnvbqmha566gkrfowuilndaokjqdcr2kq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

iso 69c05979c538d7330d6926a2d6d43061c1df78ca895d6a216d181ca4c0628e95

(this sample)

AgentTesla

Executable exe 460fa5b8dd75116e68328d16996e31acbdb17183d127bc535a86df01889bd08f

  
Dropping
MD5 6268db66234ad00b0b784e6a1fd50170
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 460fa5b8dd75116e68328d16996e31acbdb17183d127bc535a86df01889bd08f

Comments