MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 98be60b9ccede9cb911e99b7f42f18e8b67e19920e19f77440bff099d008f724. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3



SHA256 hash: 98be60b9ccede9cb911e99b7f42f18e8b67e19920e19f77440bff099d008f724
SHA3-384 hash: 60add1290b6e74e8a310aca669be4b33e42d8c2aaec4af4f2ebd79cd7e6ca9b454a3e7cc692782548850b80c60bf026a
SHA1 hash: d696b509b1a5b59ccb0d033b7c1f1275d08a0809
MD5 hash: c313f667194b5e54a99846f29d9848d9
humanhash: yankee-mike-sweet-nitrogen
File name: doc01888220201021095312.img
Signature: AgentTesla
File size: 1'697'792 bytes
First seen: 2020-10-27 10:16:43 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 12288:axIxMB6DI8GDHTSM2ceyH/PyHtSYwcBAyPAvxP/87s7N1DXWghirADqy6cPHVlE1:gI
TLSH: 41758B3D6E8826A3D177E276A4F50587FEE8618673790C4B02C32B486D4AF163E9734D
Reporter: abuse_ch
Tags: AgentTesla img


abuse_ch
Malspam distributing unidentified malware:

HELO: zap-srv.com
Sending IP: 185.223.28.59
From: Andrea Gerigk <andrea.gerigk@zap-srv.com>
Reply-To: Andrea Gerigk <autoreceive@airmail.cc>
Subject: 720e- mini products
Attachment: doc01888220201021095312.img (contains "doc01888220201021095312.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 74
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Backdoor.Remcos
Status: Malicious
First seen: 2020-10-27 06:44:54 UTC
AV detection: 9 of 48 (18.75%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
AgentTesla
img 98be60b9ccede9cb911e99b7f42f18e8b67e19920e19f77440bff099d008f724 (this sample)

Delivery method: Distributed via e-mail attachment
