MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d20f02cdd426b06298b2fad0fce3595202650cc48920eb87702b31c74b446c91. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 4

SHA256 hash: d20f02cdd426b06298b2fad0fce3595202650cc48920eb87702b31c74b446c91
SHA3-384 hash: 47c685cb3c698c89d0a6f1961139d84e19286d7168f3b66f125dd5e5f236256b3878aa284f88fb9500216c249221dec9
SHA1 hash: 364dc1fd7fe1d429712e4ac42b46c6c64dd1235e
MD5 hash: 460dcf3e06385730202d1f0f76c71975
humanhash: delta-berlin-jig-hotel
File name: MAERSK_BILL OF LADING_910727869.pdf.img
Signature: AgentTesla
File size: 1'441'792 bytes
First seen: 2020-07-18 07:49:14 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 12288:yX85wHBJWZI2UA2yTBabyp8Eb/Ic24C7jdjjFFco/AEqxWOTmDrCp+7vaD:yUw92UAPpWEbyN3PcgqHmypGva
TLSH: DB65BF26F2E14C37C1B31A7D9D1B76F89839FD112A2859467BE87C4C8F3E650392528B
Reporter: abuse_ch
Tags: AgentTesla img Maersk


abuse_ch
Malspam distributing AgentTesla:

HELO: box.atomprivecy.xyz
Sending IP: 142.11.206.237
From: MAERSK-LINE <info@atomprivecy.xyz>
Subject: OFFICAL ARRIVAL NOTIFICATION - MV STELLAR WALVIS BAY VOY 028E / BILL OF LADING - ETA 2020/07/20
Attachment: MAERSK_BILL OF LADING_910727869.pdf.img (contains "Maersk.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence

File Origin
# of uploads: 1
# of downloads: 85
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-07-18 04:54:35 UTC
File Type: Binary (Archive)
Extracted files: 39
AV detection: 17 of 29 (58.62%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  AgentTesla
    img d20f02cdd426b06298b2fad0fce3595202650cc48920eb87702b31c74b446c91 (this sample)
      Dropping: AgentTesla

Delivery method: Distributed via e-mail attachment