MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6e14ef98be2e7e55d797b7f77639613c9958c0732f4488fcbb969646e41a229d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3



SHA256 hash: 6e14ef98be2e7e55d797b7f77639613c9958c0732f4488fcbb969646e41a229d
SHA3-384 hash: c48a601c5354abd91ad52b12e972cc38093185a49ea74aa9f1458f6e9e630f334a9214be7d190b42de5cc69dac0d759a
SHA1 hash: 36c29aa965796fe1d0f15215d3b595b81b6536db
MD5 hash: 72b00ab7b6ef1c8b45f7aad7c3a1496c
humanhash: queen-batman-july-romeo
File name: ETC-20-3049-R.iso
Signature: AgentTesla
File size: 780'288 bytes
First seen: 2020-10-13 14:53:38 UTC
Last seen: Never
File type: iso
MIME type: application/x-iso9660-image
ssdeep: 12288:IqRB8S3vf0AyF0xz0TFpt9c1t59QqEsoW4H6ZiZ:tjb3v8LTFpvc1N8H6
TLSH: 60F49D496F426E0EFA6D4C71C43D1938D220F1EAF207F247A52AA5D4BE4E35EAE011F5
Reporter: abuse_ch
Tags: AgentTesla iso


abuse_ch
Malspam distributing AgentTesla:

HELO: pirtek.co.uk
Sending IP: 45.88.3.137
From: Rajan Gurung <Rajan.Gurung@pirtek.co.uk>
Subject: NEW INQUIRY : ETC-20-3049-R
Attachment: ETC-20-3049-R.iso (contains "ETC-20-3049-R.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 96
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-10-13 14:18:17 UTC
AV detection: 11 of 48 (22.92%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

iso 6e14ef98be2e7e55d797b7f77639613c9958c0732f4488fcbb969646e41a229d

(this sample)

  
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
