MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 dc7438f2fd1938b81f54d7880405defd24ddb7fa19489cb0ec520350466f5e55. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: dc7438f2fd1938b81f54d7880405defd24ddb7fa19489cb0ec520350466f5e55
SHA3-384 hash: bcb0197de92194ac66449c3f8ed80ca4417e5d7610ec894bcdb3d7bda2598b0ac0ba86da76fa000598c91d99f2122ba8
SHA1 hash: 1cd42bbcebf50cefa64b04f2e4f021b6ee88c7e9
MD5 hash: 2d5bc3ecbbb0ed17521b019fdbffe81e
humanhash: apart-early-sixteen-south
File name:20SMX0701007N.ISO
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'310'720 bytes
First seen:2020-07-08 06:51:11 UTC
Last seen:Never
File type: iso
MIME type:application/x-iso9660-image
ssdeep 12288:QXjgbnMmIKCXsLIN4KKD6fpkR+ypsKtvP1QZTQC+ILopSxzbexXDfGI7DaNV0K1e:Okb4uLgpfpkZq8TLAdu
TLSH 7C559E22F6A14433C1631A789C1B57B89C3ABE103D6479C63BE95C4C9F39781397AE93
Reporter abuse_ch
Tags:AgentTesla iso


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: box.serviceflaet.xyz
Sending IP: 104.168.218.237
From: Josh Morris <vendor@serviceflaet.xyz>
Subject: Wire transfer (20SMX0701006N/20SMX0701007N)
Attachment: 20SMX0701007N.ISO (contains "sssssssss.exe")

AgentTesla SMTP exfil server:
mail.sensar-light.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
73
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/dc7438f2fd1938b81f54d7880405defd24ddb7fa19489cb0ec520350466f5e55/
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-07-08 06:53:05 UTC
AV detection:
18 of 29 (62.07%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=3r2dr4x5de4lqh2u26eaibo67usn3n72dfejzmhmkibvartplzkq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

iso dc7438f2fd1938b81f54d7880405defd24ddb7fa19489cb0ec520350466f5e55

(this sample)

AgentTesla

Executable exe c75fa16118d5d921d598bd9ff539426dcfd7aece03815e5be6414763ba72bda6

  
Dropping
MD5 88eb02d25f5e8f949f9f0ae669066601
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 c75fa16118d5d921d598bd9ff539426dcfd7aece03815e5be6414763ba72bda6

Comments