MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 74163e94c03ed3b4718b41e88fdc7ad92a50481244606cec5d74cbd4f5a48336. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	74163e94c03ed3b4718b41e88fdc7ad92a50481244606cec5d74cbd4f5a48336
SHA3-384 hash:	4856f380843a0198bee2aa08c97a2821144dba87d82472de63c250c5becb560afe4beb069c7deea9bfbfba58eee7e5ca
SHA1 hash:	8985e415be3fd87c95ad8d78558fcc65aac11ed1
MD5 hash:	faa541fe2872351a7581daa9eb629189
humanhash:	fruit-oklahoma-mars-spring
File name:	order_403_korea.img
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	2'521'088 bytes
First seen:	2020-05-27 07:43:48 UTC
Last seen:	Never
File type:	img
MIME type:	application/x-iso9660-image
ssdeep	12288:jGS4Et6CD9O8UmxNimXDlKFLIbsL1swv91SrSlPq2Jwz38O:SSWC5O7ibql1swHC2eQ
TLSH	C5C51A27EC019647E02D03FCF8475DB56A6E1B06B543ABFE21B60ECE2E016562E8717D
Reporter	abuse_ch
Tags:	AgentTesla img

abuse_ch

Malspam distributing AgentTesla:

HELO: sejon.co.kr
Sending IP: 131.153.50.147
From: Sejon Corporation <sejon@sejon.co.kr>
Subject: Re:Re: 주문
Attachment: order_403_korea.img (contains "order_403_img.exe")

AgentTesla FTP exfil server:
ftp.behnazgroup.ir:21

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Variant.Razy.672095.22197.17838.UNOFFICIAL

Result

Threat name:

AgentTesla

Detection:

malicious

Classification:

troj.spyw.evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/364453

Behaviour

Behavior Graph:

n/a

Gathering data

Threat name:

ByteCode-MSIL.Trojan.Agensla

Status:

Malicious

First seen:

2020-05-27 09:07:21 UTC

File Type:

Binary (Archive)

Extracted files:

AV detection:

13 of 30 (43.33%)

Threat level:

5/5

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

img 74163e94c03ed3b4718b41e88fdc7ad92a50481244606cec5d74cbd4f5a48336

(this sample)

AgentTesla

exe cea60f7a30f3b97b616185c051f4e73ed69e05984af710db7844de905848a250

Dropping

MD5 07901359548fb96d817c652df6bb3a33

Dropping

AgentTesla

Delivery method

Distributed via e-mail attachment

Dropping

SHA256 cea60f7a30f3b97b616185c051f4e73ed69e05984af710db7844de905848a250

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample