MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d0211802a977e1e9f87a6f2bbd760170f4d0c0773d99339247f9b78867d8815a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3



SHA256 hash: d0211802a977e1e9f87a6f2bbd760170f4d0c0773d99339247f9b78867d8815a
SHA3-384 hash: 9b8f10c0f43eb695116151bbb4eeaa4ad4a3ad497e8ba705753644f916fa7dbcab62eef7acf3588e11ac1daecacad1a4
SHA1 hash: 8826006c9555836c146c56ed8802ba1908c0e749
MD5 hash: 69f055607b19850e51ac46ec38e4255a
humanhash: eleven-london-music-uncle
File name: 2399_DCMP_1004202.iso
Signature: AgentTesla
File size: 518'144 bytes
First seen: 2020-04-29 17:32:34 UTC
Last seen: Never
File type: iso
MIME type: application/x-iso9660-image
ssdeep: 12288:7ywK1G1QRGMU2sYoaeFTbFfhCyvkZ55SeVsHMPv:7LK1G1KU2MakTbFfhFkZr
TLSH: C9B4CF6C764075EFC867CD3689A46C10BA11B4B6431BE353B45F06AD9B4EADACF102E3
Reporter: abuse_ch
Tags: AgentTesla COVID-19 iso


abuse_ch
Malspam distributing AgentTesla:

HELO: smtp.safemail.it
Sending IP: 147.123.1.124
From: Secretaría de la Coalición de Negocios Globales<info@globalbusinesscoalition.org>
Subject: Coronavirus - DPCM 29/04/2020 e comentario de confederación
Attachment: 2399_DCMP_1004202.iso (contains "2399_DCMP_1004202.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 78
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Rrat
Status: Malicious
First seen: 2020-04-29 06:46:31 UTC
File Type: Binary (Archive)
Extracted files: 4
AV detection: 17 of 31 (54.84%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

iso d0211802a977e1e9f87a6f2bbd760170f4d0c0773d99339247f9b78867d8815a

(this sample)

  
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
