MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d11027fe63aa7a7f54b8f1ab06019f7a540ef0a597a8e1198c188882b159b989. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d11027fe63aa7a7f54b8f1ab06019f7a540ef0a597a8e1198c188882b159b989
SHA3-384 hash: 1d5097d3952518cebe6bd94d2c27ba6501e2eff3dcbdf17870ec62c6f9aaffd110db39fba8736a8112f6c6ed22064f8f
SHA1 hash: da05c9c9c21aa1f7a86ce9ea1d16937374ab5611
MD5 hash: 92430722e039f0497e89f8ec75d68db9
humanhash: steak-glucose-six-fish
File name:INVOICE.IMG.iso
Download: download sample
Signature AgentTesla
Create hunting rule
File size:876'544 bytes
First seen:2020-08-18 11:13:07 UTC
Last seen:Never
File type: iso
MIME type:application/x-iso9660-image
ssdeep 12288:++p7p8KESESHe4/gD6WDSqWl/LDGTGM5irKxUeaUZH9CVwZbe5zUdWLKizIB7I:ptRES4DBSq2KG2bOl27C5zU7iz0
TLSH 94158D26B2E0443FC0E6253D9D1B9774782BBE202A289D466BE55C4F7F3D691343D2A3
Reporter abuse_ch
Tags:AgentTesla DHL iso


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: swn0.pinotvineryms.ga
Sending IP: 134.209.153.18
From: Ican(DHL) <pratimeshshetty@rustomjee.com>
Subject: SHIPPING DOCUMENTS, ETC DOC
Attachment: INVOICE.IMG.iso (contains "joe1.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
52
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d11027fe63aa7a7f54b8f1ab06019f7a540ef0a597a8e1198c188882b159b989/
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-08-17 23:30:43 UTC
AV detection:
15 of 29 (51.72%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=2eicp7tdvj5h6vfy6gvqmam7pjka54ffs6uocgmmdceifmkzxgeq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
AgentTesla
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/d11027fe63aa7a7f54b8f1ab06019f7a540ef0a597a8e1198c188882b159b989

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

iso d11027fe63aa7a7f54b8f1ab06019f7a540ef0a597a8e1198c188882b159b989

(this sample)

AgentTesla

Executable exe 8a1c7d516ce87b96194a19289d40a13f1cde869e3cfa844c3ec5a0b3a8899d38

  
Dropping
MD5 dad18541b96a3ca383d3510207cd5218
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 8a1c7d516ce87b96194a19289d40a13f1cde869e3cfa844c3ec5a0b3a8899d38

Comments