MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a1551597b87113751974f1d060920dbfc4f684f7388568d92d41b2baf6c99e0d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a1551597b87113751974f1d060920dbfc4f684f7388568d92d41b2baf6c99e0d
SHA3-384 hash: 817ecbe5f9a0152514b260f68e8b20340b74b7337d1691703aada96e408d0c9a366dc971cf9668e78d336eff009a7f9b
SHA1 hash: 5f5cea9a141dd0069d0431b4d609b06e630f623d
MD5 hash: 2885afe86ec3ecc460362c8333dd2561
humanhash: tango-aspen-fourteen-six
File name:AWB 673687387678.iso
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'871'872 bytes
First seen:2020-05-06 18:23:55 UTC
Last seen:Never
File type: iso
MIME type:application/x-iso9660-image
ssdeep 49152:aVg5tQ7a+nripjfRzkYLvnMdPp4gfrSkk5:Eg56ZrEfeYLvnMdGi
TLSH FE85DF1273994660E27D3133791577016E7BE81535A1FCFB2FBA8A38AB101214E3A76F
Reporter abuse_ch
Tags:AgentTesla DHL iso


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: server.chittaranjan.co.in
Sending IP: 138.128.180.226
From: DHL Express ™ <support@dhl.com>
Reply-To: support@dhl.com
Subject: DHL Shipment Notification : 7348255141
Attachment: AWB 673687387678.iso (contains "AWB 673687387678.scr")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
75
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27686.AidExe.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.27684.AidExe.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.PSW.Agent.BORA.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Agensla
Create hunting rule
Status:
Malicious
First seen:
2020-05-06 17:55:07 UTC
File Type:
Binary (Archive)
Extracted files:
12
AV detection:
19 of 48 (39.58%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ufkrlf5yoejxkglu6higbeqnx7cpnbhxhccwrwjnigzlv5wjtygq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

iso a1551597b87113751974f1d060920dbfc4f684f7388568d92d41b2baf6c99e0d

(this sample)

AgentTesla

Executable exe d896d4d6903d7e8008d18fae11ce86027341d1a653595c8188b70d9f77d5eb4a

  
Dropping
MD5 2d9da2181ac3e70589e13019258d8974
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 d896d4d6903d7e8008d18fae11ce86027341d1a653595c8188b70d9f77d5eb4a

Comments