MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c7fc74624ea4a28c04243db2c9d6af905d400d0b38e9ce7559852482bcbc82bb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 2



SHA256 hash: c7fc74624ea4a28c04243db2c9d6af905d400d0b38e9ce7559852482bcbc82bb
SHA3-384 hash: 678257c8338eefd9e35eab6aa74b12e3b6f968bf0d195fd318dbf4b5f3a3288f5d1ab365074d59873b5e6c185c5b8bfc
SHA1 hash: 08948f9cf51a4deaef846bb229f2f3bcebff4044
MD5 hash: bd625c181ed38776713455689f26d1b8
humanhash: utah-mobile-kilo-fifteen
File name: SWIFT0914PDF.iso
Signature: AgentTesla
File size: 692'224 bytes
First seen: 2020-05-25 12:21:41 UTC
Last seen: Never
File type: iso
MIME type: application/x-iso9660-image
ssdeep: 6144:WsLit9epsH8xD3nqR0Y70qjWcKQ+B5YkHqblS8+bHkqNYpKzFoqugb68OC7Enp2L:QeN/59B5YkHqblS8+lXOoUe
TLSH: 3BE43C3E3A855415D13C897290A65580AAB6A6833E42C70F7FCE576CAF027CF3B1936D
Reporter: abuse_ch
Tags: AgentTesla geo GRC iso


abuse_ch
Malspam distributing AgentTesla:

HELO: server.linux99.papaki.gr
Sending IP: 78.46.83.231
From: MITRENTSI.M <MITRENTSI.M@nbg.gr>
Reply-To: MITRENTSI.M@nbg.gr
Subject: ΚΟΙΝΟΠΟΙΗΣΗ ΠΛΗΡΩΜΗΣ
Attachment: SWIFT0914PDF.iso (contains "SWIFT0914PDF.exe")

AgentTesla FTP exfil server:
ftp.solarcenter.ro:21

AgentTesla FTP exfil user name:
webmaster@solarcenter.ro

Intelligence


File Origin
# of uploads: 1
# of downloads: 58
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Agensla
Status: Malicious
First seen: 2020-05-25 14:40:02 UTC
File Type: Binary (Archive)
Extracted files: 5
AV detection: 11 of 30 (36.67%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

iso c7fc74624ea4a28c04243db2c9d6af905d400d0b38e9ce7559852482bcbc82bb (this sample)

  
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
