MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 46a64bded2a3659ec1db154318fe28946888fb3177d4f4f3c1607c0d29517d23. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 46a64bded2a3659ec1db154318fe28946888fb3177d4f4f3c1607c0d29517d23
SHA3-384 hash: 3354c07c7d53fede78bc46f9a0a148a49dd3f44c845fa7fd18e6990809b775afdc320555b3161ab01c903c7de778aed2
SHA1 hash: bed7325ba23e0cd60a5095eb3d46d62ecdbbd60a
MD5 hash: ff3179fb68b1acf2c1665a27b9fc5c92
humanhash: zulu-black-missouri-winner
File name:ORDER SPECIFICATION.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'067'655 bytes
First seen:2020-06-02 10:33:41 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 24576:Iu/L7+JIcsFXM9FsacTIwWvUUiTrb9VCuPQRx11dUGEkEm+z:IuzeEu9FEMRx1/p+z
TLSH F93533B8CDDC2CFEDBD52C2BE0157EDB8891800978EC1A18A99A57074603E7EC95B5D3
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: superl.com.ph
Sending IP: 108.60.209.90
From: Lorna Gutierrez <purchase_lt9@superl.com.ph>
Subject: New order plan KF-202009/00106
Attachment: ORDER SPECIFICATION.zip (contains "ORDER SPECIFICATION.exe")

AgentTesla SMTP exfil server:
smtp.sarniotex.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
60
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27686.AidExe.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.PSW.Agent.BORA.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-06-02 10:37:01 UTC
AV detection:
27 of 48 (56.25%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=i2texxwsunsz5qo3cvbrr7risruir6zro7kpj46bmb6a2kkrpurq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 46a64bded2a3659ec1db154318fe28946888fb3177d4f4f3c1607c0d29517d23

(this sample)

AgentTesla

Executable exe 1b012d85e53fbe22bc06886ddd9fd38013fc454799b29e0791c4e42df70c18aa

  
Dropping
MD5 6a12c606d37326c0da425925791d49be
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 1b012d85e53fbe22bc06886ddd9fd38013fc454799b29e0791c4e42df70c18aa

Comments