MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d001296bc9f88dc65e2e8264bcdb1a05b61844aa6ad5df416cf565a087843775. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 2



SHA256 hash: d001296bc9f88dc65e2e8264bcdb1a05b61844aa6ad5df416cf565a087843775
SHA3-384 hash: fadb620e0afadca75321f576295b3cc83e2e9c63486c18a8f57d5b17fe6db700023652d39512d62f80341f52ba1e32bd
SHA1 hash: 2539fd3c22a13de3f33c426fcf1f891939fd24a2
MD5 hash: ad0d765a8b979b86d4463bd501582373
humanhash: utah-video-idaho-butter
File name: PAYMENT COPY_PDF________________________________________________________________.iso
Signature: AgentTesla
File size: 1,556,480 bytes
First seen: 2020-05-26 08:06:13 UTC
Last seen: Never
File type: iso
MIME type: application/x-iso9660-image
ssdeep: 24576:Ztb20pkaCqT5TBWgNQ7aBvTg2LdOwE/I16YRkMBrNkt3tkV6A:qVg5tQ7aBvTgMdOwE/I16YfJkt3ts5
TLSH: 2C75CF12339E8250CBBD5173791167516E7BE81535A0FCB72FBACB3CAB201215E0A66F
Reporter: abuse_ch
Tags: AgentTesla HSBC iso


abuse_ch
Malspam distributing AgentTesla:

HELO: eagle266.startdedicated.com
Sending IP: 69.64.39.14
From: HSBC PAYMENT ADVISING SYSTEM <noreply@etisalat.ae>
Subject: HSBC Beneficiary Payments Advice (COVID-19 IS REAL!! STAY SAFE)
Attachment: PAYMENT COPY_PDF________________________________________________________________.iso (contains "PAYMENT COPY_PDF________________________________________________________________.exe")

AgentTesla SMTP exfil server:
smtp.yandex.ru:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 67
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-26 08:50:15 UTC
File Type: Binary (Archive)
Extracted files: 12
AV detection: 13 of 30 (43.33%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  AgentTesla
    iso d001296bc9f88dc65e2e8264bcdb1a05b61844aa6ad5df416cf565a087843775 (this sample)
      Dropping: AgentTesla

Delivery method: Distributed via e-mail attachment