MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 63e465d4fa25dade581f86da272318ffde9721b886bb2db204148d7d9f96a1e9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 63e465d4fa25dade581f86da272318ffde9721b886bb2db204148d7d9f96a1e9
SHA3-384 hash: 403ddd6bb87d310963bf3e255eb99903a34c92c1618ed9942d637478454bd9f94685772e6df1a8dd9e8e73639fa47b16
SHA1 hash: 6e62777baed45afe576903646dfe23cab379f2a5
MD5 hash: c850bfde9a2ed4af9ff9f21740ae150f
humanhash: victor-wisconsin-king-october
File name:order_list023.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:478'139 bytes
First seen:2020-06-19 06:03:49 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:OCOeZgTNr1YdKilvXBTPaNCMxAKqybNuVs2oUgSqFI:hdOxr1HcXBTTCxqcbVI
TLSH 48A4237C8E28C429245FFA848B4895821C06CE197FF189CC651BBF4D97C24729F8FB5A
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: cloudmail1.1001click.com
Sending IP: 203.150.225.211
From: Kelly Yong <it@thaiphatanasin.com>
Subject: Fw: Re: Re: Request for quotation (Very Urgent)
Attachment: order_list023.zip (contains "order_list023.exe")

AgentTesla SMTP exfil server:
mail.ab-care.eu:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
68
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.BackDoor.SpyBotNET.17.22227.18870.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Injuke
Create hunting rule
Status:
Malicious
First seen:
2020-06-19 06:05:15 UTC
AV detection:
18 of 48 (37.50%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=mpsglvh2exnn4wa7q3ncoiyy77pjoinyq25s3mqecsgx3h4wuhuq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 63e465d4fa25dade581f86da272318ffde9721b886bb2db204148d7d9f96a1e9

(this sample)

AgentTesla

Executable exe 2af478dceed4c409f335b295aeead5b18efa53693d9030017bc2b4d6c59ff76c

  
Dropping
MD5 fbed46599467ade39dcba85d7a8b4a6d
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 2af478dceed4c409f335b295aeead5b18efa53693d9030017bc2b4d6c59ff76c

Comments