MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c5fa8bc1bd43194945e9a97abc893e194d19d3d1201d23bbb9dee327fcf4b359. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c5fa8bc1bd43194945e9a97abc893e194d19d3d1201d23bbb9dee327fcf4b359
SHA3-384 hash: dbad2a5c806ceaa23806d7b169d4815ae172068165c5bde8ce2272a7c08973dd1df257af59e7b9faa9e4f347079f270b
SHA1 hash: 9c907a6bbd581a6be437d5c2fa0626c0242622be
MD5 hash: 7e7430b09d085cf5f46229a9ae3f67e6
humanhash: tennessee-july-whiskey-failed
File name:Saudi Aramco.iso
Download: download sample
Signature AgentTesla
Create hunting rule
File size:321'536 bytes
First seen:2020-10-14 15:26:55 UTC
Last seen:Never
File type: iso
MIME type:application/x-iso9660-image
ssdeep 3072:NKS025XzMaAmO1rgbG9X8vzj4URDbuHeCoUr1pvSEN+VeWoDO5wNhoQOQeCFFS:NMSzMMO1gNCz/1NeSDOydF
TLSH 3A64095C7119D86ED8791E700C9BF02013F06AAF8491DA093CDF3AEEB6F3645294A7D9
Reporter abuse_ch
Tags:AgentTesla iso


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: dd13728.kasserver.com
Sending IP: 85.13.135.141
From: Karayel Cebrail <nh@henrichcompany.com>
Subject: RFQ for the on-going Saudi Aramco Project
Attachment: Saudi Aramco.iso (contains "Saudi Aramco.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
77
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Heur.1877.1121.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c5fa8bc1bd43194945e9a97abc893e194d19d3d1201d23bbb9dee327fcf4b359/
Threat name:
ByteCode-MSIL.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2020-10-14 03:29:04 UTC
AV detection:
4 of 48 (8.33%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=yx5ixqn5immusrpjvf5lzcj6dfgrtu6reaosho5z33rsp7huwnmq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/c5fa8bc1bd43194945e9a97abc893e194d19d3d1201d23bbb9dee327fcf4b359

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

iso c5fa8bc1bd43194945e9a97abc893e194d19d3d1201d23bbb9dee327fcf4b359

(this sample)

AgentTesla

Executable exe 68774e1082c9ce2463d9024585565524b03af824f9ec890f1faee377a5148096

  
Dropping
MD5 67fc6886bfb00cec4d0c071aebd0df45
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 68774e1082c9ce2463d9024585565524b03af824f9ec890f1faee377a5148096

Comments