MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d2ab7376f1a94177d9b31638c73435459efe2e7ac35c9de78e124fcbc2788fbd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: d2ab7376f1a94177d9b31638c73435459efe2e7ac35c9de78e124fcbc2788fbd
SHA1 hash: e2394a187082fd236860f2fa54d2ed765d853705
MD5 hash: 3a15022f9759772aac6b05567f547ee3
File name: Quote_213417_from_Greenco_Manufact_C0_352.pdf.img
Signature: AgentTesla
File size: 1'245'184 bytes
First seen: 2020-05-23 07:26:56 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 6144:JS+T1qTwovJOeKFanO82VAwrerpjatTnU0LyuI1/DapCFO0mPwp6BIFvvGAbKsV9:wZlB2VAQerItTnKumepzPwpa4v/bpH
TLSH: 7C45CF1A138C556AE99CC6BBC0D23A0406F4E46D249BE79AFC79A4EE4B1F373C58510F
Reporter: @abuse_ch
Tags: AgentTesla Chase img


Twitter
@abuse_ch
Malspam distributing AgentTesla:

HELO: secure.com
Sending IP: 50.77.119.9
From: Chase Bank<info29381@secure.com>
Subject: Verify your Chase Account
Attachment: Quote_213417_from_Greenco_Manufact_C0_352.pdf.img (contains "Quote_213417_from_Greenco_Manufact_C0_352.pdf.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587
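A way to look inside a disk-image attachment like this one without mounting it, as an added example that is not part of the MalwareBazaar page or of abuse.ch's tooling: a minimal ISO 9660 reader (primary volume descriptor plus Joliet long names; Rock Ridge and UDF are not handled) that lists the files in the image and flags executables carrying a decoy document extension, the `.pdf.exe` pattern the tweet above reports. The image it parses is constructed inline by `build_demo_iso`; only the inner file name comes from the page, while the 8.3 short name and the file contents are made up.

```python
# Added example (not from the MalwareBazaar page): list the files inside an ISO 9660
# .iso/.img attachment without mounting it and flag decoy-extension executables.
import struct
SECTOR = 2048
RISKY_EXT = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs", ".hta", ".lnk", ".dll"}

def _iter_dir(image, extent, length, joliet):
    """Yield (name, is_dir, size, extent) for each record of one directory extent."""
    data, pos = image[extent * SECTOR:extent * SECTOR + length], 0
    while pos < len(data):
        rec_len = data[pos]
        if rec_len == 0:                      # records never straddle sectors: skip padding
            pos = (pos // SECTOR + 1) * SECTOR
            continue
        rec, pos = data[pos:pos + rec_len], pos + rec_len
        raw = rec[33:33 + rec[32]]            # file identifier; its length is byte 32
        if raw in (b"\x00", b"\x01"):         # "." and ".." entries
            continue
        name = raw.decode("utf-16-be" if joliet else "ascii", "replace").split(";")[0]
        loc, size = struct.unpack_from("<I4xI", rec, 2)   # LE halves of both-endian fields
        yield name, bool(rec[25] & 2), size, loc

def list_iso(image):
    """Return {path: size} for every file, preferring Joliet (long) names when present."""
    root, sector = None, 16                   # the volume descriptor set starts at sector 16
    while True:
        vd = image[sector * SECTOR:(sector + 1) * SECTOR]
        if len(vd) < SECTOR or vd[1:6] != b"CD001":
            raise ValueError("not ISO 9660 (a UDF-only .img is not handled here)")
        if vd[0] == 255:                      # volume descriptor set terminator
            break
        joliet = vd[0] == 2 and vd[88:91] in (b"%/@", b"%/C", b"%/E")
        if joliet or (vd[0] == 1 and root is None):
            root = (*struct.unpack_from("<I4xI", vd, 158), joliet)  # root dir record at byte 156
        sector += 1
    if root is None:
        raise ValueError("no primary volume descriptor")
    files, stack = {}, [("", root[0], root[1])]
    while stack:
        prefix, extent, length = stack.pop()
        for name, is_dir, size, loc in _iter_dir(image, extent, length, root[2]):
            if is_dir:
                stack.append((prefix + "/" + name, loc, size))
            else:
                files[prefix + "/" + name] = size
    return files

def suspicious_entries(files):
    """Flag executable types; note when a decoy extension (.pdf) precedes the real one."""
    findings = []
    for path in files:
        parts = path.rsplit("/", 1)[-1].lower().split(".")
        if len(parts) > 1 and "." + parts[-1] in RISKY_EXT:
            findings.append((path, "double-extension executable" if len(parts) > 2 else "executable"))
    return findings

def _both(fmt, v):                            # ISO 9660 "both-endian" field: LE then BE
    return struct.pack("<" + fmt, v) + struct.pack(">" + fmt, v)

def _dir_record(ident, extent, size, is_dir):
    body = (b"\x00" + _both("I", extent) + _both("I", size) + bytes(7)
            + bytes([2 if is_dir else 0, 0, 0]) + _both("H", 1) + bytes([len(ident)]) + ident)
    body += b"\x00" if len(ident) % 2 == 0 else b""   # pad to an even record length
    return bytes([len(body) + 1]) + body

def _volume_descriptor(vtype, root_sector, total_sectors, joliet):
    vd = bytearray(SECTOR)
    vd[0:40] = bytes([vtype]) + b"CD001\x01\x00" + b" " * 32   # type, id, version, system id
    vd[80:88] = _both("I", total_sectors)
    if joliet:
        vd[88:91] = b"%/E"                    # UCS-2 escape sequence marks a Joliet SVD
    vd[120:132] = _both("H", 1) * 2 + _both("H", SECTOR)     # set size, seq no, block size
    vd[156:190] = _dir_record(b"\x00", root_sector, SECTOR, True)
    return bytes(vd)

def _directory(self_sector, records):
    dots = _dir_record(b"\x00", self_sector, SECTOR, True) + _dir_record(b"\x01", self_sector, SECTOR, True)
    return (dots + b"".join(records)).ljust(SECTOR, b"\x00")

def build_demo_iso(entries):
    """Build a constructed demo image: PVD with 8.3 names plus a Joliet SVD with long names.
    Sectors 0-15 system area, 16 PVD, 17 SVD, 18 terminator, 19/20 roots, 21+ data; no path tables."""
    pvd, svd, payload, sector = [], [], b"", 21
    for short, long_name, data in entries:
        pvd.append(_dir_record((short + ";1").encode("ascii"), sector, len(data), False))
        svd.append(_dir_record((long_name + ";1").encode("utf-16-be"), sector, len(data), False))
        padded = data.ljust(-(-len(data) // SECTOR) * SECTOR, b"\x00")
        payload, sector = payload + padded, sector + len(padded) // SECTOR
    return (bytes(16 * SECTOR) + _volume_descriptor(1, 19, sector, False)
            + _volume_descriptor(2, 20, sector, True) + b"\xffCD001\x01" + bytes(SECTOR - 7)
            + _directory(19, pvd) + _directory(20, svd) + payload)

def scan_demo():
    image = build_demo_iso([  # constructed: only the long file name comes from the page
        ("QUOTE.EXE", "Quote_213417_from_Greenco_Manufact_C0_352.pdf.exe", b"MZ" + bytes(100)),
        ("README.TXT", "readme.txt", b"benign text")])
    files = list_iso(image)
    return files, suspicious_entries(files)
```

`scan_demo()` returns the file listing and the findings; on the constructed image it lists the `.pdf.exe` and flags it as a double-extension executable. Two caveats for real attachments: Windows mounts `.img`/`.iso` on double-click, so the inner executable is one click away for the recipient, and some image builders write UDF rather than ISO 9660, in which case `list_iso` raises `ValueError` instead of guessing.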

Intelligence


Mail intelligence
Trap location: Global
Impact: Low
# of uploads: 1
# of downloads: 21
Origin country: FR
ClamAV: SecuriteInfo.com.BackDoor.SpyBotNET.17.21636.11452.UNOFFICIAL
VirusTotal: 25.00%

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  AgentTesla
    img d2ab7376f1a94177d9b31638c73435459efe2e7ac35c9de78e124fcbc2788fbd (this sample)
      Dropping: AgentTesla

Delivery method: Distributed via e-mail attachment
