MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 37b3c715fe78f66fa8f416d24d573a0b14b63863fc3093f876c2038670faa84d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 37b3c715fe78f66fa8f416d24d573a0b14b63863fc3093f876c2038670faa84d
SHA3-384 hash: 0c13e7cb08260f58297b0b1fc14c04e4684291a1c16a4b17cb379295e659eeca4cb9e7ec1632c2d0714a8580352d03f3
SHA1 hash: 819f4158c1f0fbda118d0bd6f0932dc0756a3b40
MD5 hash: ab9234a887376b034b5ece14057ba7f1
humanhash: floor-princess-hot-hot
File name:Purchase Order APO-074787648.ace
Download: download sample
Signature AgentTesla
Create hunting rule
File size:490'737 bytes
First seen:2020-04-30 11:34:52 UTC
Last seen:Never
File type: ace
MIME type:application/x-rar
ssdeep 12288:IbhFm6ZlmHZmY/NcbcpmUdeOPExZMDLgJy:whY8R6ebcpmieIv1
TLSH 12A4239E27553DD923C0B28A9420410DC54BF904C7B1A8FEBDD1F670B944F26CAEE75A
Reporter abuse_ch
Tags:ace AgentTesla


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mail.smartip.sk
Sending IP: 159.69.39.135
From: Jane Hsieh Seal King Industrial Co., Ltd <jane.hsieh@sealking.com.tw>
Subject: Purchase Order /APO-074787648
Attachment: Purchase Order APO-074787648.ace (contains "Purchase Order APO-074787648.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
80
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27572.Rar5Heur.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Nanobot
Create hunting rule
Status:
Malicious
First seen:
2020-04-30 11:36:44 UTC
AV detection:
17 of 31 (54.84%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=g6z4ofp6pd3g7khuc3je2vz2bmklmodd7qyjh6dwyibym4h2vbgq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

ace 37b3c715fe78f66fa8f416d24d573a0b14b63863fc3093f876c2038670faa84d

(this sample)

AgentTesla

Executable exe 5255af098de7f7f6fa651b0e548cc647035161ad4d35478d943b4dd81de0caa3

  
Dropping
MD5 b883dcf416944694bb099852491779f1
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 5255af098de7f7f6fa651b0e548cc647035161ad4d35478d943b4dd81de0caa3

Comments