MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ab6c16a71c861c02b6ac3dea3d71e6a4e82b427e1ef120d3b4b38ef5bb620db9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: ab6c16a71c861c02b6ac3dea3d71e6a4e82b427e1ef120d3b4b38ef5bb620db9
SHA3-384 hash: 9a3f755959ad555498c8ec1d98d2a43ac2bcd9b6ced7e5b48196818caee1cb2cec14d7d84c594a8604013729f33df092
SHA1 hash: 1de86136c1a81749b8e5ee0bf18fdcfab729fecd
MD5 hash: 512ad71db5bca8502b67578b76d05ecd
humanhash: west-seventeen-twenty-bakerloo
File name: Quotation.iso
Signature: AgentTesla
File size: 503'808 bytes
First seen: 2020-06-30 12:49:44 UTC
Last seen: Never
File type: iso
MIME type: application/x-iso9660-image
ssdeep: 12288:B4bmnKQ2h116KRo9ZAUmwTMSUZxm/he8I18Qtgz1:BymnKbOKGZAUm37Zxm/NIVg
TLSH: ACB4013932941B7AE6B98BB525B018200FF7701B7272E21EBDAD60C917777208765F87
Reporter: @abuse_ch
Tags: AgentTesla iso


Twitter
@abuse_ch
Malspam distributing AgentTesla:

HELO: sonic309-48.consmr.mail.sg3.yahoo.com
Sending IP: 106.10.244.111
From: Nazila Mohd Hashim <happysoil@yahoo.com.ph>
Reply-To: Nazila Mohd Hashim <happysoil@yahoo.com.ph>
Subject: Re: RFQ No 17545
Attachment: Quotation.iso (contains "Quotation.exe")

AgentTesla SMTP exfil server:
us2.smtp.mailhostbox.com:587

Intelligence


Mail intelligence
Trap location: Global
Impact: Low
# of uploads: 1
# of downloads: 31
Origin country: FR
ClamAV: SecuriteInfo.com.Generic-EXE.UNOFFICIAL
CERT.PL MWDB:
  Detection: n/a
  Link: https://mwdb.cert.pl/sample/ab6c16a71c861c02b6ac3dea3d71e6a4e82b427e1ef120d3b4b38ef5bb620db9/
ReversingLabs:
  Status: Malicious
  Threat name: ByteCode-MSIL.Trojan.Androm
  First seen: 2020-06-30 12:51:03 UTC
  AV detection: 14 of 31 (45.16%)
  Threat level: 2/5
Spamhaus Hash Blocklist: Malicious file
VirusTotal: No data

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
AgentTesla
iso ab6c16a71c861c02b6ac3dea3d71e6a4e82b427e1ef120d3b4b38ef5bb620db9 (this sample)
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
