MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6dab3604ba02cac18a7ccbedb3204d41f9d8d22d14bb2583b77525c7cdd6828a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6dab3604ba02cac18a7ccbedb3204d41f9d8d22d14bb2583b77525c7cdd6828a
SHA3-384 hash: b0820872dbf551e54d0aaa7276aad0942a735e00055abdf6a66b7617f0740e31915da85b2a9e9df54866c74477a314e0
SHA1 hash: 87fd58a8d7bedd10f7f71758a5e22fa476ca176f
MD5 hash: 45659482788996353862cf3f84bfd320
humanhash: five-freddie-sweet-diet
File name:INVOICE against TT, Brand Fak-tor.iso
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'245'184 bytes
First seen:2020-06-03 07:50:35 UTC
Last seen:Never
File type: iso
MIME type:application/x-iso9660-image
ssdeep 12288:PgIzKA3ciL87ceONUzgDKVZX2H5bmHA2XU3U8/vNOyKlfdkfd12R6:PgIz187UNUzmKD2H5L2XLQvj
TLSH C145AE9C761172EFC86BC072DEA91D74EA51747B831B4213A02B25AEDB4D887DF241F2
Reporter abuse_ch
Tags:AgentTesla iso


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: joister.net
Sending IP: 103.2.236.240
From: gavintang@gulfventures.com
Reply-To: gavintang@gulfventures.com
Subject: INVOICE against TT, Brand # Fak-tor
Attachment: INVOICE against TT, Brand Fak-tor.iso (contains "INVOICE against TT, Brand # Fak-tor.exe")

AgentTesla SMTP exfil server:
mail.haden-tours.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
55
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Genkryptik
Create hunting rule
Status:
Malicious
First seen:
2020-06-03 02:07:02 UTC
AV detection:
17 of 48 (35.42%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=nwvtmbf2alfmdct4zpw3gicnih45rurncs5sla5xous4ptowqkfa._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

iso 6dab3604ba02cac18a7ccbedb3204d41f9d8d22d14bb2583b77525c7cdd6828a

(this sample)

AgentTesla

Executable exe 2bf65cde99e1e3f9fa30e0c07b961e36d95d84b456ee67e64fc94081d5761937

  
Dropping
MD5 511d16257a305187125e04ea651d6151
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 2bf65cde99e1e3f9fa30e0c07b961e36d95d84b456ee67e64fc94081d5761937

Comments