MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 771839ec3eed276bce97882e827b365378f21e0a949fe4f481e335efc8d0e639. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 771839ec3eed276bce97882e827b365378f21e0a949fe4f481e335efc8d0e639
SHA3-384 hash: d3d2dd7dfe08ed3a33d5697fd315b8720607f56a3b10208fb83490079fab5860b76eb6722782eae7d92a55b32bebdc4b
SHA1 hash: 4e63e651cc62cc4eb33eea46c7065b589ae722d5
MD5 hash: 155ea69edb011fc63e6d70bee7a19bd4
humanhash: charlie-india-maryland-magazine
File name:IMG-43555_UTR 34444_PDF.IMG
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'245'184 bytes
First seen:2020-08-28 06:00:41 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 6144:XuiPs1DxD/A5cgd9dtOWfJ6PKVESXy88docBcsndEI6d:XuiPsXo5VdtOWfw5p+cBcsd8
TLSH 9245299D2B88F902F23E9D3782D1462142B1D1875A13DB4F7EC8DBED6B417CD298A385
Reporter abuse_ch
Tags:AgentTesla img


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: ph.phonicphaseapi.live
Sending IP: 45.95.171.224
From: Ahmed.khalid <info@bisselldirect.co.uk>
Reply-To: Ahmed.khalid <info@phonicphaseapi.live>
Subject: REQUEST FOR QUOTE
Attachment: IMG-43555_UTR 34444_PDF.IMG (contains "urban ashraf today today.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
75
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Malware.AgentTesla-7660762-0
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/771839ec3eed276bce97882e827b365378f21e0a949fe4f481e335efc8d0e639/
Threat name:
ByteCode-MSIL.Infostealer.Agensla
Create hunting rule
Status:
Malicious
First seen:
2020-08-28 06:02:06 UTC
AV detection:
22 of 48 (45.83%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=o4mdt3b65utwxtuxraxie6zwkn4pehqkssp6j5eb4m267sgq4y4q._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/771839ec3eed276bce97882e827b365378f21e0a949fe4f481e335efc8d0e639

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

img 771839ec3eed276bce97882e827b365378f21e0a949fe4f481e335efc8d0e639

(this sample)

AgentTesla

Executable exe 99dc64c72b1f6454e497a499216ad187c66e00f42ad23e3c5d240c39ed10b667

  
Dropping
MD5 8a9489d6f37a9df08fbd376ddbfb8501
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 99dc64c72b1f6454e497a499216ad187c66e00f42ad23e3c5d240c39ed10b667

Comments