MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cda27844588b027df084a6ea7cdb9a0c2503ff7554e42f89f027ed147ef956a7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: cda27844588b027df084a6ea7cdb9a0c2503ff7554e42f89f027ed147ef956a7
SHA3-384 hash: 760572bd22a3e70738b790cc49038850c7791219791771e0769b6221457ffbf1fce43d3f5be113aa8b7c3208fb8f6634
SHA1 hash: e6385bbde85df0d20485e89a236e2e5401da6d82
MD5 hash: e800745d91bb89400d4fdaf437c2a620
humanhash: zulu-arkansas-robert-hamper
File name:transferencia02.img
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'245'184 bytes
First seen:2020-08-08 08:18:39 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 12288:zgrpiAxozLTXtrFeXiZV2kCMKlY6m1Xv:kQA6zXae2kCPlY6m1X
TLSH 794512AC17FD6FB6CEED02B864DD36052774D4075283EB2A3D0C36B91B6675106E03AA
Reporter abuse_ch
Tags:AgentTesla ESP geo img


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mail.lasmercedes.com.ni
Sending IP: 186.1.30.71
From: Recursos humanos <rrhh@lasmercedes.com.ni>
Subject: Registro de Cuenta Interbancaria en Dólares
Attachment: transferencia02.img (contains "transferencia02.PDF.bat")

AgentTesla SMTP exfil server:
mail.emifarma.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
88
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.DownLoader34.18893.31514.32153.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/cda27844588b027df084a6ea7cdb9a0c2503ff7554e42f89f027ed147ef956a7/
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-08-08 08:20:07 UTC
AV detection:
14 of 48 (29.17%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=zwrhqrcyrmbh34eeu3vhzw42bqsqh73vktsc7cpqe7wri7xzk2tq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/cda27844588b027df084a6ea7cdb9a0c2503ff7554e42f89f027ed147ef956a7

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

img cda27844588b027df084a6ea7cdb9a0c2503ff7554e42f89f027ed147ef956a7

(this sample)

AgentTesla

Executable exe 591c4d26e3bbb4607b0c3387cc2353625a4a3e2af1e8747531a1fe4d15bbf8b3

  
Dropping
MD5 d654e499e4f5e623c6c87ada0a905f7b
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 591c4d26e3bbb4607b0c3387cc2353625a4a3e2af1e8747531a1fe4d15bbf8b3

Comments