MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e4f523fc41c9808fd078c011208fb9ca7604ceb47cebc8b4632844f82fc73dcf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e4f523fc41c9808fd078c011208fb9ca7604ceb47cebc8b4632844f82fc73dcf
SHA3-384 hash: 5f97701036f3b76f3accdf41b3fae212576da1b323cf417130ad1d96208545e8e02cfb847e23a544b87369b1e4604faa
SHA1 hash: 52c74ff6c5aa9b3beade29da73126294c2ca9b66
MD5 hash: 97c693bb51dfe5186f5e6d2e6649c447
humanhash: floor-orange-twenty-victor
File name:350,00.iso
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'560'576 bytes
First seen:2020-06-02 07:11:36 UTC
Last seen:Never
File type: iso
MIME type:application/x-iso9660-image
ssdeep 24576:Atb20pkaCqT5TBWgNQ7ahjuvcUS0oiip47bCN1NukJqGRcn4jWOJrdN6A:JVg5tQ7ahY1oiipqbENu4qWm4l35
TLSH BE75E02273DE8360C7B25173BA56B701AE7B7C2506B5F46B2F98393DAA30121521E773
Reporter abuse_ch
Tags:AgentTesla iso


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: hotmail.com
Sending IP: 45.153.240.178
From: aidscarenurse@hotmail.com
Subject: remittance advice
Attachment: 350,00.iso (contains "350,00.exe")

AgentTesla SMTP exfil server:
dal-shared-56.hostwindsdns.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
59
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27686.AidExe.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.PSW.Agent.BORA.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-06-02 07:17:03 UTC
File Type:
Binary (Archive)
Extracted files:
17
AV detection:
22 of 48 (45.83%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=4t2sh7cbzgai7udyyaisbd5zzj3ajtvuptv4rnddfbcpql6hhxhq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

iso e4f523fc41c9808fd078c011208fb9ca7604ceb47cebc8b4632844f82fc73dcf

(this sample)

AgentTesla

Executable exe 0644b00b5884d167142693487ce70de79a73630bafceaa94f83e5e7051b63c2e

  
Dropping
MD5 3535c41eed78885d2a36c3bf1bf93c5c
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 0644b00b5884d167142693487ce70de79a73630bafceaa94f83e5e7051b63c2e

Comments