MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3b7f6f8fb58190e258ea84f72c957b1fdf2d54daa5c9f2b9ab61920ff8cf4966. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 2



SHA256 hash: 3b7f6f8fb58190e258ea84f72c957b1fdf2d54daa5c9f2b9ab61920ff8cf4966
SHA3-384 hash: c59d7e95a92a297c16004cf099d07a41724ccb1ac30b222384d2f9ff506ec35678d74ea0cde8b7ad7fb19ff75e0e9dec
SHA1 hash: 623dea9f1588df782a1222dfbbe93127f3f15ace
MD5 hash: c6d6bdcd373dfc0fae9eba288bbf939e
humanhash: twelve-burger-hawaii-freddie
File name: New Order PI 25-09878.zip
Signature: AgentTesla
File size: 405'580 bytes
First seen: 2020-05-25 08:18:48 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:EQ/FqPvecYwLdv3Jmo2OjYpZDSkxlNP1NEz2ov:EVPvecYwRRButSYNP1Kz2ov
TLSH: 238423366985266DD8647AEEE2C6403A55E2DD81DB264B3C3C833F6B0DCA1C2398D527
Reporter: abuse_ch
Tags: AgentTesla zip


abuse_ch
Malspam distributing AgentTesla:

HELO: chapar04.afr.hezardastan.net
Sending IP: 79.175.132.33
From: Chun Wo Ho Co., Ltd <sales-tweety@chunwoho.com.hk>
Subject: New Order PI 25-09878
Attachment: New Order PI 25-09878.zip (contains "New Order PI 25-09878.exe")

AgentTesla SMTP exfil server:
mail.fakly-cambodia.com:587

AgentTesla SMTP exfil email address:
elesh.ly@fakly-cambodia.com

Intelligence

File Origin
# of uploads: 1
# of downloads: 62
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Agensla
Status: Malicious
First seen: 2020-05-25 08:36:11 UTC
File Type: Binary (Archive)
Extracted files: 9
AV detection: 25 of 48 (52.08%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  AgentTesla
    zip 3b7f6f8fb58190e258ea84f72c957b1fdf2d54daa5c9f2b9ab61920ff8cf4966 (this sample)
      Dropping AgentTesla

Delivery method: Distributed via e-mail attachment
