MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a078887dcfb4b5345b7a5a0a58cfb89ed0ca13a0c789b9fd40e7cac60ebbf6e8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a078887dcfb4b5345b7a5a0a58cfb89ed0ca13a0c789b9fd40e7cac60ebbf6e8
SHA3-384 hash: b21e7bc9fe2d92c2b9fbbd7fac40ebd07577f7e104921c20c3eb2bcf2f39b6bb512a93ff8218475d29d0b1f9a28ae7d7
SHA1 hash: 11716a0857e72742871a2aeda4ec5a8f250a4307
MD5 hash: 29d81558693de61a5e39a018d481d77c
humanhash: sweet-saturn-oklahoma-ack
File name:specification.iso
Download: download sample
Signature AgentTesla
Create hunting rule
File size:552'960 bytes
First seen:2020-10-20 08:57:28 UTC
Last seen:Never
File type: iso
MIME type:application/x-iso9660-image
ssdeep 6144:LDRexSAxmht1Hqoo+PoW9IEJe/QSfOripZtlh8KPpqWl5ZgR0G2EX6HA41b:/RFo+PrQ46pzpUL5
TLSH 2CC4F827FFA20707D6BA6F72C6EA2120D32384C22287F61E37E523611D9739F1D89565
Reporter abuse_ch
Tags:AgentTesla iso


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: hanmail.net
Sending IP: 212.114.52.211
From: ark Jinsu<a.Jinsu@hanmail.net>
Subject: RE:URGENT ENQUIRY_008987654
Attachment: specification.iso (contains "specification.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
83
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a078887dcfb4b5345b7a5a0a58cfb89ed0ca13a0c789b9fd40e7cac60ebbf6e8/
Threat name:
ByteCode-MSIL.Trojan.Variadic
Create hunting rule
Status:
Malicious
First seen:
2020-10-20 08:46:31 UTC
AV detection:
14 of 29 (48.28%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ub4iq7opws2tiw32liffrt5yt3imue5ay6e3t7ka47fmmdv363ua._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/a078887dcfb4b5345b7a5a0a58cfb89ed0ca13a0c789b9fd40e7cac60ebbf6e8

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

iso a078887dcfb4b5345b7a5a0a58cfb89ed0ca13a0c789b9fd40e7cac60ebbf6e8

(this sample)

AgentTesla

Executable exe b1547e6b3567625b3a19d01f304c73e29d5a9af860e89321c39ad48bbe6eb01e

  
Dropping
MD5 4559843422940d832eefc17f96a5500b
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 b1547e6b3567625b3a19d01f304c73e29d5a9af860e89321c39ad48bbe6eb01e

Comments