MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9bd4a5705120b3a1abb8df8d94849558d4c6876ccb014716214c7e5560cff48c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla
Vendor detections: 3

SHA256 hash: 9bd4a5705120b3a1abb8df8d94849558d4c6876ccb014716214c7e5560cff48c
SHA3-384 hash: b7fbedd7578bdfb2fac94126bb5d975d7defa5a2d3b98bacabc81f994c9c96bf3eddc27efea7a72a3b3cf97abb9b7b95
SHA1 hash: dc6cc799244bba59a45be2320b8df0f1c27c4b89
MD5 hash: 618862c7a5793917cd1756d6d99dc207
humanhash: wolfram-nineteen-illinois-monkey
File name: PAYMENT SWIFT COPY PRINTOUT.IMG
Signature: AgentTesla
File size: 1'245'184 bytes
First seen: 2020-06-10 07:23:30 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 12288:Z7wv68+6s5pMAceqacipWri/EIAeNJRm5IK6pPevQzgWY:xwv68+1IATpZnAEEeZpY
TLSH: F3458D883E046ECEC837D9B189446F146E50EC721216ED0A65FB35AAC63DFD7ADC41E2
Reporter: abuse_ch
Tags: AgentTesla img


abuse_ch
Malspam distributing AgentTesla:

HELO: tucker.com
Sending IP: 103.133.105.20
From: Lisa Quezada <lquezada@tucker.com>
Subject: RE: FWD: WIRE PAYMENT CONFIRMATION
Attachment: PAYMENT SWIFT COPY PRINTOUT.IMG (contains "PAYMENT SWIFT COPY PRINTOUT.exe")

AgentTesla SMTP exfil server:
mail.ilclaw.com.ph:587
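The lure described in the post above is an ISO 9660 disk image (.IMG) that carries the real payload, an .exe, inside it. The following Python script is an added example for this entry, not code from MalwareBazaar or from abuse_ch: it parses an ISO 9660 image from raw bytes, walks the directory tree, flags anything that looks like a PE executable (by extension or by an MZ header), and computes the attachment digests in the same forms this entry lists (MD5, SHA1, SHA256, SHA3-384) so an analyst can match an attachment against the database. To run offline it builds a constructed miniature image in memory whose single file name mirrors the one named in the post; the payload inside is an MZ-headed stub, not the real sample. Assumptions: only the ISO 9660 primary volume descriptor is read (a real attachment may also carry Joliet or UDF name tables, which this example ignores), and every function name here (`list_iso`, `find_executables`, `attachment_digests`, `build_sample_image`) is the example's own.

```python
"""Enumerate an ISO 9660 (.img/.iso) e-mail attachment and flag embedded PE files.
Added example for this entry; not MalwareBazaar or abuse_ch code.
Assumption: plain ISO 9660 primary volume descriptor, no Joliet/UDF name tables."""
import hashlib
import struct

SECTOR = 2048                                   # ISO 9660 logical sector size
PE_EXTENSIONS = (".exe", ".dll", ".scr", ".com", ".pif")


def _dir_records(image, lba, size):
    """Yield (identifier, extent_lba, data_length, is_dir) for one directory extent."""
    data = image[lba * SECTOR: lba * SECTOR + size]
    pos = 0
    while pos < len(data):
        rec_len = data[pos]
        if rec_len == 0:                        # records never cross a sector; skip the padding
            pos = (pos // SECTOR + 1) * SECTOR
            continue
        rec = data[pos:pos + rec_len]
        extent = struct.unpack_from("<I", rec, 2)[0]    # little-endian half of both-endian LBA
        length = struct.unpack_from("<I", rec, 10)[0]   # little-endian half of data length
        is_dir = bool(rec[25] & 0x02)                   # file flags, bit 1 = directory
        ident = rec[33:33 + rec[32]]                    # identifier follows its length byte
        yield ident, extent, length, is_dir
        pos += rec_len


def list_iso(image):
    """Return {path: bytes} for every file reachable from the root directory."""
    pvd = image[16 * SECTOR: 17 * SECTOR]
    if len(pvd) < 190 or pvd[0] != 1 or pvd[1:6] != b"CD001":
        raise ValueError("no ISO 9660 primary volume descriptor at sector 16")
    root = pvd[156:190]                                 # root directory record inside the PVD
    stack = [("", struct.unpack_from("<I", root, 2)[0], struct.unpack_from("<I", root, 10)[0])]
    files = {}
    while stack:
        prefix, lba, size = stack.pop()
        for ident, extent, length, is_dir in _dir_records(image, lba, size):
            if ident in (b"\x00", b"\x01"):            # "." and ".." entries
                continue
            name = ident.decode("ascii", "replace").split(";")[0]   # drop the ";1" version suffix
            path = prefix + "/" + name
            if is_dir:
                stack.append((path, extent, length))
            else:
                files[path] = image[extent * SECTOR: extent * SECTOR + length]
    return files


def find_executables(image):
    """Return (path, sha256, has_mz_header) for files that look like PE executables."""
    hits = []
    for path, data in list_iso(image).items():
        by_magic = data[:2] == b"MZ"
        if by_magic or path.lower().endswith(PE_EXTENSIONS):
            hits.append((path, hashlib.sha256(data).hexdigest(), by_magic))
    return hits


def attachment_digests(data):
    """Hashes in the forms MalwareBazaar lists, for matching an attachment to an entry."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha3_384")}


# --- constructed test image (hypothetical, not the real sample) --------------------
def _both32(v):
    return struct.pack("<I", v) + struct.pack(">I", v)


def _record(ident, lba, size, is_dir):
    """Build one ISO 9660 directory record: length byte, 32-byte header, identifier."""
    body = (b"\x00" + _both32(lba) + _both32(size) + b"\x00" * 7
            + (b"\x02" if is_dir else b"\x00") + b"\x00\x00"
            + struct.pack("<H", 1) + struct.pack(">H", 1)
            + bytes([len(ident)]) + ident)
    if len(ident) % 2 == 0:                             # record length must be even
        body += b"\x00"
    return bytes([len(body) + 1]) + body


def build_sample_image():
    """Minimal image mimicking the lure: root directory holding one MZ-headed file."""
    payload = b"MZ" + b"\x90" * 62 + b"This program cannot be run in DOS mode.\r\n$"
    root_lba, file_lba = 18, 19                         # PVD at 16, terminator at 17
    root = (_record(b"\x00", root_lba, SECTOR, True) + _record(b"\x01", root_lba, SECTOR, True)
            + _record(b"PAYMENT SWIFT COPY PRINTOUT.EXE;1", file_lba, len(payload), False))
    pvd = bytearray(SECTOR)
    pvd[0], pvd[1:6], pvd[6] = 1, b"CD001", 1
    pvd[156:190] = _record(b"\x00", root_lba, SECTOR, True)
    term = bytearray(SECTOR)
    term[0], term[1:6], term[6] = 255, b"CD001", 1
    return bytes(bytearray(16 * SECTOR) + pvd + term
                 + root.ljust(SECTOR, b"\x00") + payload.ljust(SECTOR, b"\x00"))


if __name__ == "__main__":
    img = build_sample_image()
    print("attachment sha256:", attachment_digests(img)["sha256"])
    for path, digest, mz in find_executables(img):
        print(f"executable inside image: {path} sha256={digest} mz_header={mz}")
```

Against a real attachment, read the file bytes and pass them to `find_executables`; a non-empty result on an image attached to an unsolicited "payment" mail is the signal that matters here, since mail filters that only inspect the outer attachment see an innocuous disk image. Matching the outer digests from `attachment_digests` against the entry's hashes confirms the specific sample, but the executable-inside-image check catches the technique even when the hashes change.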

Intelligence


File Origin
# of uploads: 1
# of downloads: 56
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Backdoor.NanoCore
Status: Malicious
First seen: 2020-06-10 07:25:09 UTC
AV detection: 16 of 31 (51.61%)
Threat level: 5/5
Note that the vendor threat name (NanoCore) does not match the AgentTesla signature and tags on this entry, so the family attribution is not corroborated by this entry alone.
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  AgentTesla
    img 9bd4a5705120b3a1abb8df8d94849558d4c6876ccb014716214c7e5560cff48c (this sample)
      Dropping: AgentTesla

Delivery method: Distributed via e-mail attachment

Comments