MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9ef644187ec5e1e32b4441fc7826a8b4eca1d41762224c8b17f30ae93a8d2865. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 9ef644187ec5e1e32b4441fc7826a8b4eca1d41762224c8b17f30ae93a8d2865
SHA1 hash: d26f7459bc7e18fed687135e5993a946f762e7e9
MD5 hash: 1633609617e2385f6694ebfbca81d45f
File name: MT103_54,770.83USD_052020 dbs 1020.iso
Signature: AgentTesla
File size: 512'000 bytes
First seen: 2020-05-23 11:43:47 UTC
Last seen: Never
File type: iso
MIME type: application/x-iso9660-image
ssdeep: 12288:dXm6pt/bRM/BVs13QYq0tfbWQHV2CZgXrGfZ9bGjj:LRM/BVs13uQHNgXrYN+
TLSH: 39B4011922D4926BD86D4B78ED9034151BB3BD1A3A31E305BE9FB5DE1B7B3C48500BA3
Reporter: @abuse_ch
Tags: AgentTesla, iso


Twitter
@abuse_ch
Malspam distributing AgentTesla:

HELO: ns.univ21.net
Sending IP: 211.233.62.61
From: "Ayesha Kent - Financial team DBS"<ayesha.kent@yahoo.com.sg>
Subject: Fwd: Remittance from 22-05-2020
Attachment: MT103_54,770.83USD_052020 dbs 1020.iso (contains "MT103_54,770.83USD_052020 dbs 1020.exe")

AgentTesla SMTP exfil server:
mail.cycloinstruments.com:26

Intelligence


Mail intelligence (trap location: impact):
Global: High
CH Switzerland: Low
# of uploads: 1
# of downloads: 18
Origin country: FR
ClamAV: SecuriteInfo.com.BehavesLike.Win32.Generic.gc.4719.UNOFFICIAL
VirusTotal: Virustotal results 6.67%

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

iso 9ef644187ec5e1e32b4441fc7826a8b4eca1d41762224c8b17f30ae93a8d2865 (this sample)

Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
