MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 74329268b9c99b30c62e94534b6e9679ba38ee062a8adb7818ce99ed76426f5a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: AgentTesla
Vendor detections: 3


SHA256 hash: 74329268b9c99b30c62e94534b6e9679ba38ee062a8adb7818ce99ed76426f5a
SHA3-384 hash: 6c1220422abf40b6825bf896a2e8bba06577f2dd8fa8e4898dd6ac7fad399087599bd503281d58e86d4020f4f9f62b06
SHA1 hash: d9f2407d778cf66b1b90ae6d51fb3706201fe16c
MD5 hash: cb11109bd67d499070f940067b06877b
humanhash: island-uncle-jersey-oklahoma
File name: PURE CHEM CO.,LTD.zip
Signature: AgentTesla
File size: 521'823 bytes
First seen: 2020-05-12 16:19:57 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:5IyAl9E1QW4y7FD680ejF81/pRyb23X8zXnGUQUr4WGjS1cs2:5IZLwQWF0eh81/pRixrnGXUcHkz2
TLSH: B8B4239035C76CD5AFB2153B27AA99FB4F1FF253EF1D03A593B62B86D0C05389280961
Reporter: abuse_ch
Tags: AgentTesla zip


abuse_ch
Malspam distributing AgentTesla:

HELO: mail.genoxyl.cf
Sending IP: 94.177.242.23
From: sale-manager@purechem.net <sales@belbev.asia>
Subject: ENQUIRY FROM PURE CHEM CO.,LTD
Attachment: PURE CHEM CO.,LTD.zip (contains "PURE CHEM CO.,LTD.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 79
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-12 16:37:00 UTC
AV detection: 33 of 48 (68.75%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample, such as delivery method and external references.

Malspam
  AgentTesla
    zip 74329268b9c99b30c62e94534b6e9679ba38ee062a8adb7818ce99ed76426f5a (this sample)
      Dropping: AgentTesla

Delivery method: Distributed via e-mail attachment

Comments