MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f25b8a6d8cfeec3642271217d9a17a8246b3a1e1814001a8e46da0288159eebe. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f25b8a6d8cfeec3642271217d9a17a8246b3a1e1814001a8e46da0288159eebe
SHA3-384 hash: 489932dfb3173231c191f928218f25583491db10e29702d01a637be19dfeeee61f38fa65eb37ea9a6874de040d1ba50c
SHA1 hash: 5b4e1ca1f9d25a6c7ad253d21a987dc9962fa8f5
MD5 hash: 7cf2078e4b53c88004f71b438e20d571
humanhash: undress-timing-texas-michigan
File name:ORDER LIST.iso
Download: download sample
Signature AgentTesla
Create hunting rule
File size:634'880 bytes
First seen:2020-10-22 08:07:47 UTC
Last seen:Never
File type: iso
MIME type:application/x-iso9660-image
ssdeep 12288:9Ov46h+D1s2cAEZzL8uFgXW4gtefzLgk9A1GKZHNYPzod:w2K9bB8uFgGRohA1GUKzod
TLSH 10D4021071996F32D7BE87F6202D451987F2445F53B1EA643DEE76DA2BA2B009B80F43
Reporter abuse_ch
Tags:AgentTesla iso


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: photek.co.uk
Sending IP: 88.218.16.126
From: Katherine Pedro <sales@photek.co.uk>
Reply-To: dawnimpax2012@gmail.com
Subject: REQUEST FOR QUOTATION FOR CONTRACT SUPPLY.
Attachment: ORDER LIST.iso (contains "ORDER LIST.exe")

AgentTesla SMTP exfil server:
smtp.privateemail.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
84
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f25b8a6d8cfeec3642271217d9a17a8246b3a1e1814001a8e46da0288159eebe/
Threat name:
ByteCode-MSIL.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2020-10-22 07:40:22 UTC
AV detection:
9 of 48 (18.75%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=6jnyu3mm73wdmqrhcil5til2qjdlhipbqfaadkhenwqcrakz527a._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

iso f25b8a6d8cfeec3642271217d9a17a8246b3a1e1814001a8e46da0288159eebe

(this sample)

AgentTesla

Executable exe 17a03e39ebafb5fcdd30227fcce2138dc69e353fc1ea131e53dfee3b4190cacc

  
Dropping
MD5 30a220c93fa58ebecdf760c59dc45249
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 17a03e39ebafb5fcdd30227fcce2138dc69e353fc1ea131e53dfee3b4190cacc

Comments