MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ca014218ded288759db8a4521da5e28f7fcadfec093f8538c88ae43cea3cf7bb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ca014218ded288759db8a4521da5e28f7fcadfec093f8538c88ae43cea3cf7bb
SHA3-384 hash: 143fabec4b8d6880cf44621ea6414081f3dd3ac6f00cc043ba748fa5c199c66faae36366a1c51b0b0263f11adcfc5ca3
SHA1 hash: 5c329387fd7318086fd1319b961e0c881c5e5945
MD5 hash: 1d678a08dcf041f975436e625ee4d1d4
humanhash: hydrogen-apart-august-ack
File name:Seafood photos.exe.img
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'245'184 bytes
First seen:2020-05-24 07:06:31 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 12288:sanshHJ50vqsadAkybXQdQAnOx/Zfb18sQhAgPQh5NiW4dr:cx0RXbXQdQ+o/FOKNiB
TLSH 414512019350E4B6D52103720EBA9E34AFA57E7CE426894FB30D76136FB3247192F98E
Reporter abuse_ch
Tags:AgentTesla img


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: tradingman.pw
Sending IP: 142.11.219.101
From: Miss Sarah<info@leetacke.com>
Subject: Urgently Advise...
Attachment: Seafood photos.exe.img (contains "Seafood photos.exe")

AgentTesla SMTP exfil server:
mail.gandi.net:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
64
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Downloader.Soft32downloader-6691270-0
Create hunting rule

SecuriteInfo.com.Artemis162931E90DCF.4593.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Myxah
Create hunting rule
Status:
Malicious
First seen:
2020-05-24 07:35:48 UTC
File Type:
Binary (Archive)
Extracted files:
44
AV detection:
15 of 48 (31.25%)
Threat level:
  2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

img ca014218ded288759db8a4521da5e28f7fcadfec093f8538c88ae43cea3cf7bb

(this sample)

AgentTesla

Executable exe e95f8244e8eb4cf8d3d34fc357653e1a2cc81fb2d049830bdbb10bd6b554f6dd

  
Dropping
MD5 a0971694c7ebfa0e820a38e1823a41c2
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 e95f8244e8eb4cf8d3d34fc357653e1a2cc81fb2d049830bdbb10bd6b554f6dd

Comments