MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fd95c21320b52b0cb99eb865da6392ef29d0aabe95da98b8726413c5a90c6e56. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fd95c21320b52b0cb99eb865da6392ef29d0aabe95da98b8726413c5a90c6e56
SHA3-384 hash: cc8acd94c22e4a3e3f84849a7ebc82f36d21aeea2d235f00384b3c13c6fb55fed76aced9c0a94b2f676c055c83897fa9
SHA1 hash: 165aa13c2efc299f31acfa587e6419a29000c9be
MD5 hash: 6889d6cbfcf8ffed4341b9f2df9c22e2
humanhash: asparagus-emma-mango-high
File name:Account Review_MT103 pdf.img
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'245'184 bytes
First seen:2020-06-23 20:02:14 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 6144:5ACO/Mq1WVquyzIpBldVYe/kbMpZlnGJQfCncqUfCdv5eLhH:5Ad//YV7yiOeMbMpZlnGJBoe0h
TLSH 1A45DFC056A89939FB650E3355B31A17D2A5F10B1C92EF4B6B0C885E3E707E9CB17B21
Reporter abuse_ch
Tags:AgentTesla img


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mail.opthok-navi.com
Sending IP: 153.126.141.228
From: Oksana hbGroup <a.hirbawi@hbgroup.ps>
Reply-To: uyenleitenson@gmail.com
Subject: Fw: Urgent Supply Enquiry
Attachment: Account Review_MT103 pdf.img (contains "Account Review_MT103 pdf.exe")

AgentTesla FTP exfil server:
ftp.sman22sby.sch.id:21

AgentTesla FTP user name:
chorgin@sman22sby.sch.id

Intelligence

File Origin
# of uploads :
1
# of downloads :
69
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.MSIL.GenKryptik.EMUA.31001.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/fd95c21320b52b0cb99eb865da6392ef29d0aabe95da98b8726413c5a90c6e56/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-06-23 20:04:06 UTC
AV detection:
17 of 31 (54.84%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=7wk4eezawuvqzom6xbs5uy4s54u5bkv6sxnjrodsmqj4lkimnzla._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

img fd95c21320b52b0cb99eb865da6392ef29d0aabe95da98b8726413c5a90c6e56

(this sample)

AgentTesla

Executable exe 1e9a378d66d43b083d03a891048a93078ec11bf0f117b7e106dba91caefe1e75

  
Dropping
MD5 38514cdd20bbdea943d543ed10a65c6b
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 1e9a378d66d43b083d03a891048a93078ec11bf0f117b7e106dba91caefe1e75

Comments