MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 94e91ad6b157ff4b58f751649473fce3c7cd77e2b402e9be5e562ad57c65d72f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 94e91ad6b157ff4b58f751649473fce3c7cd77e2b402e9be5e562ad57c65d72f
SHA3-384 hash: 426e2757541162519efe78688537e25fe8ffe215b54bdb8544370a04fb3b56082f7d2abb197d18ade7ac30a2c1a5c8bb
SHA1 hash: cd947ba8314e74ad70b4e1b604327aa1b610a3bf
MD5 hash: 56b5d92336b44befa1d56d2e6d444693
humanhash: twenty-illinois-low-black
File name:NEW ORDER JUNE 2020.PDF.ISO
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'245'184 bytes
First seen:2020-06-19 16:48:13 UTC
Last seen:Never
File type: iso
MIME type:application/x-iso9660-image
ssdeep 6144:zqXB2B9awuHSVqEXn6Xkno1CoUVzsQuY/s32JseFHvwYxrJ3HsoZRhSxBgxKVE92:b9aZOnoko1Cvdvts32JswoirJ3BXDx/
TLSH FF45F18E45688030F52697BCC8D3742722B4B064ED63F3A87F4E22F75B19BC18D55A9B
Reporter abuse_ch
Tags:AgentTesla iso


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: server.ence.marketing
Sending IP: 62.138.11.76
From: sales@rgpumps.com.ar
Reply-To: serhaitoguz34@gmail.com
Subject: RE: CITA NUEVO ORDEN
Attachment: NEW ORDER JUNE 2020.PDF.ISO (contains "NEW ORDER.pif")

AgentTesla SMTP exfil server:
mail.orientalkuwait.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
75
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.KillProc2.11011.31359.17122.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-06-19 17:35:50 UTC
AV detection:
14 of 29 (48.28%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=sturvvvrk77uwwhxkfsji4744pd4257cwqbotps6kyvnk7df24xq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

iso 94e91ad6b157ff4b58f751649473fce3c7cd77e2b402e9be5e562ad57c65d72f

(this sample)

AgentTesla

Executable exe 63e22190be3afdf47f1f752c5a112347410849f3dccd0f0a7319dc8e6a405b39

  
Dropping
MD5 5cac1e716627b5caea7e65c9f52afa59
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 63e22190be3afdf47f1f752c5a112347410849f3dccd0f0a7319dc8e6a405b39

Comments