MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 88357c25d82cefe48ae542b169764f43dfa7a375cf44c12c991b204f09547b22. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 88357c25d82cefe48ae542b169764f43dfa7a375cf44c12c991b204f09547b22
SHA3-384 hash: 565e176c0246f9056afe18d1c4367a1f23be9af977ff478a404ba0e710ced43f8fb36818ebd9d5d3bcff87027b472ea7
SHA1 hash: f4621d286d9be823dc2072bb59621809b4063cee
MD5 hash: c49d71d0e16ac57a8cae730b2b0a58e1
humanhash: bulldog-mobile-six-utah
File name:IMG_00014727202920.IMG
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'245'184 bytes
First seen:2020-04-30 05:59:59 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 12288:fUY9MZ7HVPIzDXwU5d6vZSta4y4anGPckoK+SngQB9TUC:MpZ7H6lP6vZSt1HUrko
TLSH EA45CFAD775476EFC417CD3289A41C24A721B4A6830BD703B49F16AD9B0E9DBCF142A3
Reporter abuse_ch
Tags:AgentTesla img


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: ded1603.inmotionhosting.com
Sending IP: 173.247.244.178
From: Joanne Pang <joanne@courtpioneer.com>
Subject: Acknowledgement TT
Attachment: IMG_00014727202920.IMG (contains "IMG_00014727202920.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
75
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Geniso
Create hunting rule
Status:
Malicious
First seen:
2020-04-29 08:27:47 UTC
File Type:
Binary (Archive)
Extracted files:
4
AV detection:
16 of 31 (51.61%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ra2xyjoyftx6jcxfikyws5spipp2pi3vz5cmclezdmqe6ckupmra._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

img 88357c25d82cefe48ae542b169764f43dfa7a375cf44c12c991b204f09547b22

(this sample)

AgentTesla

Executable exe aa7580b3b616549d1c2a826c3ab6b76dceb30ba03aed1705744c75404cc8a856

  
Dropping
MD5 93852a356ec7e42119dafc1814736fd6
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 aa7580b3b616549d1c2a826c3ab6b76dceb30ba03aed1705744c75404cc8a856

Comments