MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b161d990ac7fc79dccf2aa0b91617c5f74b8e21f3ab7ac6ee0a2c64d7699c79c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b161d990ac7fc79dccf2aa0b91617c5f74b8e21f3ab7ac6ee0a2c64d7699c79c
SHA3-384 hash: 2c2a16b8f13037bf11de4820ebd0c34a4c6baac86da62c202b34c5daad9cb3bebbf20902270bc0ae031ca0d26c540a7d
SHA1 hash: edee95f63ef0183f6eca44515433dad5103f7ed1
MD5 hash: 3fb64fd67a3697cf7bc4958825058598
humanhash: bacon-four-low-louisiana
File name:Purchase Order.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:415'514 bytes
First seen:2020-05-28 13:58:11 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:mbhqHYczD7j9DsSGtkQ07gOnnm5jLyfIPsLkHeC8i6ndkoZXEWPTFLei:ahQ7jdG2Q0sqnQLDJ+CeC2Jyi
TLSH 1E9423C1EB2C3724DEA209B6C57A8A25DDBAD4E5BB71E7EE695C3280C3ED40D5340E44
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: server.sgbcg.com
Sending IP: 113.11.251.241
From: Fanny Chang <sales@globalmedicalad.com>
Subject: NEW PURECHASE ORDER (PO383720)
Attachment: Purchase Order.zip (contains "Purchase Order.exe")

AgentTesla SMTP exfil server:
r112ds144.redewt.net:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
66
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.20845.ZipHeur.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.22205.ZipHeur.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-28 14:36:09 UTC
File Type:
Binary (Archive)
Extracted files:
11
AV detection:
29 of 48 (60.42%)
Threat level:
  5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip b161d990ac7fc79dccf2aa0b91617c5f74b8e21f3ab7ac6ee0a2c64d7699c79c

(this sample)

AgentTesla

Executable exe 0043a267bb9d97397eb15a8050ff107261ace407e9ad7e80ae32331e63d81139

  
Dropping
MD5 e09e313fa5ee3202756106bfe71d0880
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 0043a267bb9d97397eb15a8050ff107261ace407e9ad7e80ae32331e63d81139

Comments