MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cf0ff84082a58b5313efd9c225a4dae8d47f487f9852792d74a06e1c3e13278b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: cf0ff84082a58b5313efd9c225a4dae8d47f487f9852792d74a06e1c3e13278b
SHA3-384 hash: 54aaab181f9191d414bfaf76d33c119421c93e6c25e3a96a1a5ee0883fc56c92f9c899b927f466cd56bcb3a419bdea78
SHA1 hash: d2528d5cf5ec129c670987aaaee56607227c0b00
MD5 hash: 23af71087dbc073796d68a77684dd128
humanhash: may-glucose-alanine-coffee
File name:Ref150420190619A-B0270PEL.iso
Download: download sample
Signature AgentTesla
Create hunting rule
File size:737'280 bytes
First seen:2020-06-29 06:20:12 UTC
Last seen:Never
File type: iso
MIME type:application/x-iso9660-image
ssdeep 6144:Yk8slbF/6AyLWDhQaZWA9V9pQ1+LGV6Gb+4FZtXsB/bxN8O:YhgQjaMQ9FGVb+4ecO
TLSH 29F4E92A7E44E905D03C5A3340EE5581A7B2E5C32A23C74F7E8E676C5F0178A3E5A36D
Reporter abuse_ch
Tags:AgentTesla iso


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: slot0.alvindoprt.ml
Sending IP: 173.82.255.217
From: Rayyan Aishah_ObsnapGroup <info@alvindoprt.ml>
Subject: SUPPLY AS PER QUOTATION: Ref:15042019/0619A-B/0270/PEL
Attachment: Ref150420190619A-B0270PEL.iso (contains "Ref150420190619A-B0270PEL.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
61
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.CAP_HookExKeylogger.24759.17870.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/cf0ff84082a58b5313efd9c225a4dae8d47f487f9852792d74a06e1c3e13278b/
Threat name:
ByteCode-MSIL.Trojan.Bluteal
Create hunting rule
Status:
Malicious
First seen:
2020-06-29 06:22:05 UTC
AV detection:
16 of 31 (51.61%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=z4h7qqecuwfvge7p3hbcljg25dkh6sd7tbjhslluubxbypqte6fq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

iso cf0ff84082a58b5313efd9c225a4dae8d47f487f9852792d74a06e1c3e13278b

(this sample)

AgentTesla

Executable exe 986cdfab675df89400566cc10c76c3d1e08f2ae7a0ca09e319a83f2ccf53d691

  
Dropping
MD5 888555e75f85b3364fab2e063cf90690
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 986cdfab675df89400566cc10c76c3d1e08f2ae7a0ca09e319a83f2ccf53d691

Comments