MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1fdafa1a3ae6d0301875caf0435d3cb15dc0cff1cdf540a5dba8c7b0e900a3dd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 4


SHA256 hash: 1fdafa1a3ae6d0301875caf0435d3cb15dc0cff1cdf540a5dba8c7b0e900a3dd
SHA3-384 hash: 03d064863022405a9f6f9e6a30bf16532be424159372590a502984dc8b70328fd1801f09ce92fea6a84cb96872f10095
SHA1 hash: 8e0b3993a66388c5ffafb63201c911c6cc003832
MD5 hash: 2e40550f38a37ee2d2593dbe1f1ad98d
humanhash: bluebird-shade-low-moon
File name: NEW PURCHASE ORDER FOR AUGUST.zip
Signature: AgentTesla
File size: 456'424 bytes
First seen: 2020-08-15 17:23:35 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:GXDnw+3iJ+C+pXeyePHvP+ZPaF5+Xo+yXw2yV:GXDnw+3EkXre/IIH+Awl
TLSH: EBA4238ED9A06423E4DC4380B483E01432B20945E2E61FF6E578FD3A376E66D17E8B57
Reporter: abuse_ch
Tags: zip


abuse_ch
Malspam distributing unidentified malware:

HELO: appareltech.co.kr
Sending IP: 103.99.1.149
From: Mr.Cuong(Appareltech) <appareltechvn3@appareltech.co.kr>
Subject: [COLUMBIA] Purchase Order for 04/30 BUY_F20_SHANGHAI JIUYU_ATC VN
Attachment: NEW PURCHASE ORDER FOR AUGUST.zip (contains "NEW PURCHASE ORDER FOR AUGUST.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 79
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Spyware.Golangot
Status: Malicious
First seen: 2020-08-15 17:24:07 UTC
AV detection: 21 of 29 (72.41%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  AgentTesla
    zip 1fdafa1a3ae6d0301875caf0435d3cb15dc0cff1cdf540a5dba8c7b0e900a3dd (this sample)

Delivery method: Distributed via e-mail attachment