MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a35bc5d5a702d47b4e0fa8f622fb03089cabe169bec1bd9ac22b9e0bd2d6f364. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a35bc5d5a702d47b4e0fa8f622fb03089cabe169bec1bd9ac22b9e0bd2d6f364
SHA3-384 hash: c59737c57f808e9e3158e629e6d7b3b940347df6e05509f6793131ba166a5936c3d0409fd6711f3295dd68ea5615bb1b
SHA1 hash: 952b713f376e9167b762e3359931b94ea90e0005
MD5 hash: 0046be5df4046b03bf319a2d098cfc43
humanhash: twelve-sodium-uniform-violet
File name:NF5021.IMG
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'835'008 bytes
First seen:2020-10-27 14:34:21 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 24576:8AHnh+eWsN3skA4RV1Hom2KXMmHado+MQnGgQYS+0FcmMO7tj5:bh+ZkldoPK8YadoJQn1qFPt3
TLSH 5585BE0273D1C032FFAB92739B6AF64156BD79254133852F23982DB9BD701B2263D663
Reporter abuse_ch
Tags:AgentTesla img


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: mail.lerevecraze.com
Sending IP: 162.222.190.208
From: Nelson Joao de Jesus <logistica@qualipecas.com.br>
Reply-To: vendas02@qualiipecas.com.br
Subject: Invoice NF 5021
Attachment: NF5021.IMG (contains "NF5021.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
56
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.AutoIT-3.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.JS.EmbeddedEXE-5.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.AIT.Trojan.Nymeria.1583.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a35bc5d5a702d47b4e0fa8f622fb03089cabe169bec1bd9ac22b9e0bd2d6f364/
Threat name:
Win32.Trojan.Predator
Create hunting rule
Status:
Malicious
First seen:
2020-10-27 12:41:41 UTC
AV detection:
15 of 29 (51.72%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=unn4lvnhalkhwtqpvd3cf6ydbcokxyljx3a33gwcfopaxuww6nsa._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Eldorado
Score:
0.90
Link:
https://yomi.yoroi.company/submissions/a35bc5d5a702d47b4e0fa8f622fb03089cabe169bec1bd9ac22b9e0bd2d6f364

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

img a35bc5d5a702d47b4e0fa8f622fb03089cabe169bec1bd9ac22b9e0bd2d6f364

(this sample)

AgentTesla

Executable exe 82f7510d5c7c75d898048efcb4ff6ff5cf055043d2d44f6f10d499f378bf391c

  
Dropping
MD5 adb4e9a1b0c7a6d52412ecb0a012c509
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 82f7510d5c7c75d898048efcb4ff6ff5cf055043d2d44f6f10d499f378bf391c

Comments