MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f219a1dd2ff068248a9b1ce3affab1616d7a887472fcc935c6c195c3aed2c7d7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f219a1dd2ff068248a9b1ce3affab1616d7a887472fcc935c6c195c3aed2c7d7
SHA3-384 hash: 5fcbaa4889dc6d1cf271e289544cc631fe697f2bbac7115181993c520203e6220040d9e8de44ddc0158e3933dfd8e5c7
SHA1 hash: 3c6efa1236f1e85d1b105590a0414a85a74de663
MD5 hash: e357323432d3f851509fb8778e68157a
humanhash: alpha-johnny-network-eleven
File name:Payament Query.iso
Download: download sample
Signature AgentTesla
Create hunting rule
File size:2'680'832 bytes
First seen:2021-01-10 12:47:57 UTC
Last seen:Never
File type: iso
MIME type:application/x-iso9660-image
ssdeep 24576:+Q+Ak/ce5WJJI2xvd5kOR9wxy+G2ST+AtN2ZeIXmmhKOsXH7cU2:WMIkvdOOR9a3zM
TLSH ECC5E4112FD3254EF2F3E27612B29ADA9F38FA7A72455A09825D1B554C03F862F83D07
Reporter abuse_ch
Tags:AgentTesla iso


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: secure.zrl.com.zm
Sending IP: 216.194.164.118
From: Financial Manager <financialmanager@eventcenter.com>
Subject: Urgent Payment Query
Attachment: Payament Query.iso (contains "Payment Query.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
199
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Foxhole.Iso_fs1570.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f219a1dd2ff068248a9b1ce3affab1616d7a887472fcc935c6c195c3aed2c7d7/
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2021-01-10 08:31:50 UTC
AV detection:
9 of 46 (19.57%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=6im2dxjp6bucjcu3dtr276vrmfwxvcduol6msnogygk4hlwsy7lq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/f219a1dd2ff068248a9b1ce3affab1616d7a887472fcc935c6c195c3aed2c7d7

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

iso f219a1dd2ff068248a9b1ce3affab1616d7a887472fcc935c6c195c3aed2c7d7

(this sample)

AgentTesla

Executable exe 8905819fcaa0d71e50cc1ec90e32258967e011878efb78f8db8893ad04a98174

  
Dropping
MD5 8450d28fb6f38401825192dfd03e7179
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 8905819fcaa0d71e50cc1ec90e32258967e011878efb78f8db8893ad04a98174

Comments