MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b1596b9d3f30a4b7ec94a7a52f92ec5e9ad649f16406666d743d91cc850448ee. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	b1596b9d3f30a4b7ec94a7a52f92ec5e9ad649f16406666d743d91cc850448ee
SHA3-384 hash:	c0cbae5002cc2166ab2e3e9ded4f108f93b571b4425e29aacd362ec96f4171ee88d43d453aed7f7752a75d0d3012365d
SHA1 hash:	7bd3c134c5158f4a1937cd4750dfdad989f959a6
MD5 hash:	8c564bdca10d68fc2232420b89e7be4b
humanhash:	alanine-lake-nitrogen-diet
File name:	PO.202001200939.IMG
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	2'097'152 bytes
First seen:	2020-04-30 12:34:57 UTC
Last seen:	Never
File type:	img
MIME type:	application/x-iso9660-image
ssdeep	24576:/AHnh+eWsN3skA4RV1Hom2KXMmHaTbNL5cGbTVTr1S5:ih+ZkldoPK8YaTbF+I5rq
TLSH	F1A5CF0273918025FEAE91735B55B241D6BCEC250123857F22BAEF78AB721711F2D26F
Reporter	abuse_ch
Tags:	AgentTesla img

abuse_ch

Malspam distributing AgentTesla:

HELO: mail.strongmailvault.com
Sending IP: 111.90.144.212
From: ref@intertach-group.com
Subject: Re: Order Inquiry
Attachment: PO.202001200939.IMG (contains "PO 202001200939.exe")