MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f9876c12b456b36499ddfe0a37c4cbc362cc26061b8edb8969390ffa538e3ca7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f9876c12b456b36499ddfe0a37c4cbc362cc26061b8edb8969390ffa538e3ca7
SHA3-384 hash: 056555ca7d5b10dde010ddecb27effc6137fed82f07df475fcd9b7b83b139ba9157825c8ab778522b38ce9a6cf7c9465
SHA1 hash: da9416da1fac0d8a4f3b9f9685d2ab70f834c6c8
MD5 hash: 9594536c40d71a5c81b1e52b0511e664
humanhash: double-football-floor-twenty
File name:gf35647632.iso
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'245'184 bytes
First seen:2020-11-03 07:43:32 UTC
Last seen:Never
File type: iso
MIME type:application/x-iso9660-image
ssdeep 12288:dF47LD2CJSlZyxzjMmZ0RgK8q6kAggwcyw1bb7iskcTP8O:L47Lq0SWRMmZ0RgypgwvwFbGsfj
TLSH F9457CF66242DA6AC80F043FF84B656193D9DF2D98F9804653C9B12D137CBCE56AC48B
Reporter cocaman
Tags:AgentTesla iso


Avatar
cocaman
Malicious email (T1566.001)
From: "=?UTF-8?B?5Lia5Yqh5LiD6YOo?=<mvollman@hgrinc.com>"
Received: "from hgrinc.com (unknown [37.48.85.204]) "
Date: "3 Nov 2020 14:42:08 -0800"
Subject: "New Inquiry: RFQ.NO_8877"
Attachment: "gf35647632.iso"

Intelligence

File Origin
# of uploads :
1
# of downloads :
86
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.BackDoor.SpyBotNET.25.15554.9307.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f9876c12b456b36499ddfe0a37c4cbc362cc26061b8edb8969390ffa538e3ca7/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-11-03 03:10:49 UTC
File Type:
Binary (Archive)
Extracted files:
10
AV detection:
11 of 48 (22.92%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=7gdwyevuk2zwjgo57yfdprglynrmyjqgdohnxcljheh7uu4ohstq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/f9876c12b456b36499ddfe0a37c4cbc362cc26061b8edb8969390ffa538e3ca7

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

iso f9876c12b456b36499ddfe0a37c4cbc362cc26061b8edb8969390ffa538e3ca7

(this sample)

AgentTesla

Executable exe f39b3fc42fd8089d99eae4cb1ecead6e3d772007d766c1f982ab1834af68dc00

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 f39b3fc42fd8089d99eae4cb1ecead6e3d772007d766c1f982ab1834af68dc00
  
Dropping
AgentTesla

Comments