MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c81ba9d733ab21b0211d099bfea77e2dfbadd526fb567a09e70e13c71c50875b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c81ba9d733ab21b0211d099bfea77e2dfbadd526fb567a09e70e13c71c50875b
SHA3-384 hash: 34230976ca43ccdddc2a800650c8232e0219bb0ac276a98e55f96bc4dd4c6e96040caf601c1fd3a3a58aacaa9db594a2
SHA1 hash: 1960897d436275ed3078638590329144fbdf81ec
MD5 hash: aebe68b232e08b41ed2a55c454067bec
humanhash: one-one-lithium-pasta
File name:Image_001.img
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'245'184 bytes
First seen:2020-08-17 17:46:37 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 6144:VVdyLZnKBp/CF0HSWMIuv9dYC+AQrfYUAgvvZ521uzggDIWW2kqc/PgYls:VWLMB1CFjIubSAKgUxZ521u/WzVgYm
TLSH C54523533BD4D2A2E28E0679023DD31013A9BFF761AA021EB48F57AE1B577981F53934
Reporter abuse_ch
Tags:AgentTesla img


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: torrespardo.ncloud.es
Sending IP: 185.57.172.23
From: Philipp Baminger <philippe.li@midea.com>
Subject: AG: AW: Transfer Confirmation
Attachment: Image_001.img (contains "Image_001.exe")

AgentTesla SMTP exfil server:
mail.vestatex.es:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
66
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.FileRepMalware.355.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c81ba9d733ab21b0211d099bfea77e2dfbadd526fb567a09e70e13c71c50875b/
Threat name:
ByteCode-MSIL.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2020-08-17 07:40:05 UTC
AV detection:
13 of 48 (27.08%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=zan2tvztvmq3aii5bgn75j36fx523vjg7nlhucphbyj4ohcqq5nq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.45
Link:
https://yomi.yoroi.company/submissions/c81ba9d733ab21b0211d099bfea77e2dfbadd526fb567a09e70e13c71c50875b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

img c81ba9d733ab21b0211d099bfea77e2dfbadd526fb567a09e70e13c71c50875b

(this sample)

AgentTesla

Executable exe e8cd3d10b40496dadd04dd9f7c0d916b8ac45a1366ce537ad0128f5f7e47847b

  
Dropping
MD5 893feb3697e8e50b46e9bcc415c38122
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 e8cd3d10b40496dadd04dd9f7c0d916b8ac45a1366ce537ad0128f5f7e47847b

Comments