MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 78b4de4eabfbde0dee980463fc2d52fceb0ead07f86d01a06f0d23ad2542a441. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 78b4de4eabfbde0dee980463fc2d52fceb0ead07f86d01a06f0d23ad2542a441
SHA3-384 hash: eb4d96b14a56ceb7595902046ff36eabc81b0cef6377eec06bf42e2d9e87d9f2601eb6344c0ba20d43fcb8b529447061
SHA1 hash: fe2140fd16ef73194f41e7ce82a79fcb9390bb19
MD5 hash: 1fbf1eb4a47852ee5d61aad06ef1e5d7
humanhash: three-jupiter-lithium-jupiter
File name:IMG-2020-3181-8765.001
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'245'184 bytes
First seen:2020-05-28 06:43:22 UTC
Last seen:Never
File type: 001
MIME type:application/x-iso9660-image
ssdeep 6144:vGSzYBchg4z6VEJD6LpYbH5GBcEj8HflfjTR7EYeewfcs9wbC5c40UUZMse0GaQL:vGSj6VEt6+HflfhGfcqUZ6qK
TLSH 4A454B3E7E85A815E13C497940E55290A2B5B6832E01C72F7ACFA79CAF013FE770529D
Reporter abuse_ch
Tags:001 AgentTesla Gmail


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mail-ej1-f65.google.com
Sending IP: 209.85.218.65
From: quoc viet dang <vietlinhjsc0683@gmail.com>
Subject: Request for meetup
Attachment: IMG-2020-3181-8765.001 (contains "IMG_2020.SCR")

AgentTesla SMTP exfil server:
mail.nirvana-voyage.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
72
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Variant.Razy.672128.4179.21989.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-28 07:41:08 UTC
File Type:
Binary (Archive)
Extracted files:
4
AV detection:
15 of 31 (48.39%)
Threat level:
  5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

001 78b4de4eabfbde0dee980463fc2d52fceb0ead07f86d01a06f0d23ad2542a441

(this sample)

AgentTesla

Executable exe 44e6264f0103b7359cd617f989c6fdd35e3bfec38a0376ae147d63611caad922

  
Dropping
MD5 e5fbb6171477af2216971f8c17e22090
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 44e6264f0103b7359cd617f989c6fdd35e3bfec38a0376ae147d63611caad922

Comments