MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f236ebcbe2a48fb908aa29356eac5985ffc5bb3cfc2ca7b06e11308f9a518660. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3



SHA256 hash: f236ebcbe2a48fb908aa29356eac5985ffc5bb3cfc2ca7b06e11308f9a518660
SHA3-384 hash: 7790ad20aebd8ce7fabe0420214e079c46b74fd7825066de6f242fc70e95940084bbb97c63306a97dbbfd65c8e407f13
SHA1 hash: cabd808dabe823034aee2212909c1d8dff495f8b
MD5 hash: cb35540dd55a68396741804dba621004
humanhash: mountain-nuts-lion-victor
File name: Picture5.img
Signature: AgentTesla
File size: 1'245'184 bytes
First seen: 2020-05-01 11:27:49 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 6144:E8yYXwArWvCziuleuBvsQcQJFeRpWeBQwiEcav5qLNs2tq4ddpj4qlFy84+LX9X:b5gATziCxxc9T/BqS2tq2Tj4qv4+7l
TLSH: 8A450223EF98C231DCDC2A77067A135D577847A30091D76DBEAE2E590BA7B6209312CD
Reporter: abuse_ch
Tags: AgentTesla, img


abuse_ch
Malspam distributing AgentTesla:

HELO: slot0.quilounges.com
Sending IP: 45.95.168.152
From: Quilounges Inc<info@quilounges.com>
Subject: Property Purchase
Attachment: Picture5.img (contains "picture5.exe")
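
The attachment described above is an ISO 9660 disk image wrapping an executable: Windows 8 and later mount an .img/.iso on double-click, so the user lands directly on picture5.exe, and attachment filters that only open ZIP archives never see it. The script below is an added example (not MalwareBazaar or abuse.ch code) showing the check a mail gateway or triage script can run: parse the image's Primary Volume Descriptor and root directory and flag members with an executable extension or an MZ header. The image bytes, member names, volume label and the EXEC_EXTS list are all constructed for the example.

```python
"""Enumerate the files inside an ISO 9660 (.img/.iso) attachment and flag
embedded executables.  Added example, not MalwareBazaar code; the image is
constructed inline so it runs offline."""
import struct

SECTOR = 2048
# Extensions worth flagging when found inside a disk-image attachment (assumed list).
EXEC_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs",
             ".lnk", ".dll", ".msi", ".ps1", ".hta"}


def _both32(v):  # ISO 9660 stores 32-bit fields little-endian then big-endian
    return struct.pack("<I", v) + struct.pack(">I", v)


def _dir_record(name, lba, size, is_dir):
    """Build one ISO 9660 directory record (ECMA-119 9.1 layout)."""
    ident = name.encode("ascii")
    rec = bytearray(b"\x00\x00")            # [0] record length (set below), [1] ext. attr. length
    rec += _both32(lba) + _both32(size)     # [2:10] extent LBA, [10:18] data length
    rec += b"\x00" * 7                      # [18:25] recording date/time
    rec += bytes([0x02 if is_dir else 0])   # [25] file flags, bit 1 = directory
    rec += b"\x00\x00" + b"\x01\x00\x00\x01"  # [26] unit size, [27] gap, [28:32] volume seq. no. = 1
    rec += bytes([len(ident)]) + ident      # [32] identifier length, [33:] identifier
    if len(rec) % 2:
        rec += b"\x00"                      # records are padded to an even length
    rec[0] = len(rec)
    return bytes(rec)


def build_sample_image(files):
    """Constructed minimal image: PVD at sector 16, terminator at 17, root directory at 18."""
    root_lba, next_lba = 18, 19
    records = [_dir_record("\x00", root_lba, SECTOR, True),    # "."
               _dir_record("\x01", root_lba, SECTOR, True)]    # ".."
    body = bytearray()
    for name, content in files:
        sectors = max(1, -(-len(content) // SECTOR))
        records.append(_dir_record(name, next_lba, len(content), False))
        body += content.ljust(sectors * SECTOR, b"\x00")
        next_lba += sectors
    root = b"".join(records).ljust(SECTOR, b"\x00")
    pvd = bytearray(SECTOR)
    pvd[0], pvd[1:6], pvd[6] = 1, b"CD001", 1        # type 1 = Primary Volume Descriptor
    pvd[40:72] = b"PICTURE".ljust(32)                # volume identifier (constructed)
    pvd[156:190] = _dir_record("\x00", root_lba, SECTOR, True)  # root directory record
    term = bytearray(SECTOR)
    term[0], term[1:6], term[6] = 255, b"CD001", 1   # volume descriptor set terminator
    return bytes(bytearray(16 * SECTOR) + pvd + term + root + body)


def _walk(img, lba, length, prefix):
    d = img[lba * SECTOR:lba * SECTOR + length]
    off = 0
    while off < len(d):
        rec_len = d[off]
        if rec_len == 0:                    # zero length: rest of this sector is padding
            off = (off // SECTOR + 1) * SECTOR
            continue
        rec = d[off:off + rec_len]
        off += rec_len
        extent = struct.unpack_from("<I", rec, 2)[0]
        size = struct.unpack_from("<I", rec, 10)[0]
        ident = rec[33:33 + rec[32]]
        if ident in (b"\x00", b"\x01"):     # "." and ".." entries
            continue
        name = ident.decode("ascii", "replace").split(";")[0]  # drop the ";1" file version
        if rec[25] & 0x02:
            yield from _walk(img, extent, size, prefix + name + "/")
        else:
            head = bytes(img[extent * SECTOR:extent * SECTOR + 2])
            yield prefix + name, size, head


def list_iso_files(img):
    """(path, size, first two bytes) for every file under the PVD root.  Only the
    Primary Volume Descriptor is read, so names come back in 8.3 uppercase form."""
    pvd = img[16 * SECTOR:17 * SECTOR]
    if len(pvd) < SECTOR or pvd[0] != 1 or pvd[1:6] != b"CD001":
        raise ValueError("not an ISO 9660 image (no PVD at sector 16)")
    root_lba = struct.unpack_from("<I", pvd, 156 + 2)[0]
    root_len = struct.unpack_from("<I", pvd, 156 + 10)[0]
    return list(_walk(img, root_lba, root_len, ""))


def suspicious_members(img):
    """Flag members by executable extension and/or an MZ (DOS/PE) header."""
    hits = []
    for path, size, head in list_iso_files(img):
        base = path.rsplit("/", 1)[-1]
        ext = ("." + base.rsplit(".", 1)[-1].lower()) if "." in base else ""
        reasons = []
        if ext in EXEC_EXTS:
            reasons.append("executable extension " + ext)
        if head == b"MZ":
            reasons.append("MZ header")
        if reasons:
            hits.append((path, size, reasons))
    return hits


# Constructed stand-in for the attachment: a PE-looking stub plus a decoy text file.
SAMPLE_IMG = build_sample_image([
    ("PICTURE5.EXE;1", b"MZ" + b"\x90" * 62),
    ("README.TXT;1", b"Property purchase details attached.\r\n"),
])
```

Running `suspicious_members(SAMPLE_IMG)` returns the single member PICTURE5.EXE with both reasons. Two caveats for real attachments: images built by common authoring tools also carry a Joliet supplementary volume descriptor (type 2, UCS-2 names) with the mixed-case name the user actually sees, which this example does not parse, and a dropper can hide the payload under a non-executable extension, which is why the MZ header check is kept alongside the extension list.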

Intelligence


File Origin
Uploads: 1
Downloads: 80
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-04-30 22:45:20 UTC
File type: Binary (Archive)
AV detection: 17 of 31 (54.84%)
Threat level: 5/5

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  AgentTesla
    img f236ebcbe2a48fb908aa29356eac5985ffc5bb3cfc2ca7b06e11308f9a518660 (this sample)
      Dropping: AgentTesla

Delivery method: Distributed via e-mail attachment
