MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 97555d7e571b4addb2ab934b2eced757f7115dcff6eb95c7f5c34a937e7cc203. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 97555d7e571b4addb2ab934b2eced757f7115dcff6eb95c7f5c34a937e7cc203
SHA3-384 hash: 39c561b2dcd1dd5167d607c341d2ec243e2d5f94aedaaa70cfafef7981bb43e55ca131a7d0a64ea926e593e5f759216f
SHA1 hash: 9ac99d0edf9b6f4640af30d2ec18fdc24507e9f5
MD5 hash: 9ee193ee2d03542d33edccb00dfdd575
humanhash: edward-october-eight-connecticut
File name:NEWORDER.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:430'068 bytes
First seen:2020-05-14 06:53:45 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:LhHSXF9j1VdmW3vZxK3tZVymfJbXSa+3iA0FJ/Bu+3tH:LhHeh1VdmqvZYEmfJOaf/pd3Z
TLSH 0C942329FFBBB7FF2734541A00A18A0AF539F57016A990C1879BB1D55E3352338EB482
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: vs-william2019.uk.syrahost.com
Sending IP: 176.74.30.2
From: KIM <scan@bestseller.cn>
Reply-To: abs0000100@hotmail.com
Subject: New Order
Attachment: NEWORDER.zip (contains "NEWORDER.exe")

AgentTesla SMTP exfil server:
mail.privateemail.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
77
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-14 07:36:53 UTC
File Type:
Binary (Archive)
Extracted files:
11
AV detection:
22 of 48 (45.83%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=s5kv27sxdnfn3mvlsnfs5twxk73rcxop63vzlr7vynfjg7t4yibq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 97555d7e571b4addb2ab934b2eced757f7115dcff6eb95c7f5c34a937e7cc203

(this sample)

AgentTesla

Executable exe 216c6b02a878dd3c0e20e476bcbb0e74a6d0841587118eda96ab3bc620d85d1f

  
Dropping
MD5 45b310ef34503c296061ad6e468b3d6e
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 216c6b02a878dd3c0e20e476bcbb0e74a6d0841587118eda96ab3bc620d85d1f

Comments