MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 70c373450f3f9551eb02557f7b477e6d60c5460a8973f4b187bed4504a9c1d2f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 4



SHA256 hash: 70c373450f3f9551eb02557f7b477e6d60c5460a8973f4b187bed4504a9c1d2f
SHA3-384 hash: 4897319bec90dec7afd03c23180f368487d72ece57c014c8f1ebf65dd3fd3d7de366da405edf3309cfde60b698a6a081
SHA1 hash: 206495c45b9f638808d3fb36031b1b3869fd9e6a
MD5 hash: 4375e6c7c445fba78412c93d1cbf7b30
humanhash: kilo-vermont-green-happy
File name: Order443022720.zip
Signature: AgentTesla
File size: 789'540 bytes
First seen: 2020-08-27 08:06:38 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 24576:77L9gsV+/eQ+5gCkkBPxaxa5lh5zVMjvMAsQCh/hBvF:DHVwGgPjsRzVM7sp/x
TLSH: 74F4334A34C031EE8C133D9B8976591AD7DDF625A180C6F0B5693E824137E3E54B1ABB
Reporter: abuse_ch
Tags: AgentTesla zip


abuse_ch
Malspam distributing AgentTesla:

HELO: lv2-dxtjxq.cn4e.com
Sending IP: 219.239.95.10
From: Sales <zhaopin@pantex.cn>
Subject: New Order-Urgent
Attachment: Order443022720.zip (contains "Order443022720.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 71
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Infostealer.Fareit
Status: Malicious
First seen: 2020-08-27 08:08:09 UTC
AV detection: 25 of 48 (52.08%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 70c373450f3f9551eb02557f7b477e6d60c5460a8973f4b187bed4504a9c1d2f (this sample)

Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
