MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 27de3632d583d96671812a5618e8b6f35323f391a42112d41f1900c28aac4c18. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 4



SHA256 hash: 27de3632d583d96671812a5618e8b6f35323f391a42112d41f1900c28aac4c18
SHA3-384 hash: 983016e6311b4c72b1f2da2b00cc3733633d4ed82b44f96336226103d6b705e95da2b9e0121f2278671eae10272dc4e2
SHA1 hash: 8b5732f9b5ef1a12af3cebe1416ac1fa9a6f0490
MD5 hash: 3802de08e48faf4781b2359abc19a9b0
humanhash: berlin-echo-fruit-queen
File name: Purchase Order 88885550000.arj
Signature: AgentTesla
File size: 731'744 bytes
First seen: 2020-08-04 15:23:35 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:jKoNBdOLlgHqCSOUsPSrEkE9/VlWnrv6ICs7mqLrLFcaRKJcN:jKopOOqClUs6rBElgrvV7rxUO
TLSH: B5F423ECB0A5FE7ED9F2E34DD2DC4113C5D2A875F9A7C52141250A0B3E37E218146BAA
Reporter: abuse_ch
Tags: AgentTesla arj


abuse_ch
Malspam distributing AgentTesla:

HELO: websmtp.net4india.com
Sending IP: 118.67.248.33
From: Ade GoodChild <accounts@tbase.in>
Reply-To: adegoodchild2019@yahoo.com
Subject: Purchase Order
Attachment: Purchase Order 88885550000.arj (contains "Purchase Order 88885550000.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 80
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-08-04 15:25:07 UTC
AV detection: 22 of 29 (75.86%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Malspam
Malware family: AgentTesla
File: zip 27de3632d583d96671812a5618e8b6f35323f391a42112d41f1900c28aac4c18 (this sample)
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment

Comments