MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b77e43d489b3924f1ce6964a87e14c59eae4cf17c57d7f41887ff21da133493c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 4



SHA256 hash: b77e43d489b3924f1ce6964a87e14c59eae4cf17c57d7f41887ff21da133493c
SHA3-384 hash: 5cd3e16579aa0a5d21839b2a362af16e70cee7ecfb62ce2aca68eabee217c2c61c3adfe84cf9be517428b27fd39843b1
SHA1 hash: b7d17e7ade214b5a8e571ca13e72e245235db715
MD5 hash: 6980acb449789486ef15c6b1d1a6bcbb
humanhash: river-golf-friend-zulu
File name: DTI-60378xls.iso
File size: 1'245'184 bytes
First seen: 2020-12-08 07:52:53 UTC
Last seen: Never
File type: iso
MIME type: application/x-iso9660-image
ssdeep: 6144:G0wODQtk7gaPqbLXb2wVKPQ6IIuJ/Ie762mDsOv8GJLNKhxviJNQ/1dB0yc4KQaB:ajeTPBId/Ie7qwYhKMKtwy95aVV9P
TLSH: 2945BE31332A5A9AE6ED3E75810712344EE49C17E722E149FE4A3CF1B6B32D6C9509F1
Reporter: abuse_ch
Tags: iso


abuse_ch
Malspam distributing unidentified malware:

HELO: sara.com
Sending IP: 45.127.62.55
From: Logistics Asia Team <lueilwitz@johnwilliams.gq>
Reply-To: aceacryli@gmail.com
Subject: FW:RE:Urgent shipment 08/12/2020
Attachment: DTI-60378xls.iso (contains "DTI-60378xls.scr")

Intelligence


File Origin
# of uploads: 1
# of downloads: 93
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-12-08 07:53:13 UTC
AV detection: 9 of 48 (18.75%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

iso b77e43d489b3924f1ce6964a87e14c59eae4cf17c57d7f41887ff21da133493c (this sample)

Delivery method: Distributed via e-mail attachment

Comments