MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b703b6e1b025cac4ba951d7a6d3e16777f0a1899ad62f7a6c00b780a95237595. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b703b6e1b025cac4ba951d7a6d3e16777f0a1899ad62f7a6c00b780a95237595
SHA3-384 hash: 2418d9fac826d1da0c122277ea4327ad3acb70c1d0c60e90f1ceb64772daf9267314793deb3d38472a5c79bb15e81aab
SHA1 hash: fe708d5ff3df16c9ffae88e17fdd331405d9e95d
MD5 hash: 915b815c635f7a4bcb754e45ad2023ec
humanhash: leopard-lion-jig-violet
File name:ORDER ATTACHMENT.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:392'682 bytes
First seen:2020-05-11 08:45:17 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:c/NFBLQLgDKoTzef4E7gE06/9/KTFw6Q+jiA8AlYr+bffTeeYaVc/TxoSjIyRuWU:c/ub6e5tl6PiAQCbffqerarCKIyRuWqj
TLSH 4784234245A7E1DED636ACAB008EAC71CBBFA5F942942A80038FC4499777FD11B21F17
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: scp63.hosting.reg.ru
Sending IP: 31.31.196.132
From: ph@tkhome.site
Subject: Price listing/New order
Attachment: ORDER ATTACHMENT.zip (contains "ORDER.exe")

AgentTesla SMTP exfil server:
mail.tkhome.site:587

AgentTesla SMTP exfil email address:
rbj270680@gmail.com

Intelligence

File Origin
# of uploads :
1
# of downloads :
80
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Siggen9.45506.16566.4323.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Rdn
Create hunting rule
Status:
Malicious
First seen:
2020-05-11 09:36:38 UTC
File Type:
Binary (Archive)
Extracted files:
7
AV detection:
24 of 48 (50.00%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=w4b3nynqexfmjouvdv5g2pqwo57qugezvvrppjwabn4avfjdowkq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip b703b6e1b025cac4ba951d7a6d3e16777f0a1899ad62f7a6c00b780a95237595

(this sample)

AgentTesla

Executable exe 5311f1790f3a5837f0a91ddcee95f5686a2a70431fa6063cca2e8fa1dcd13bdf

  
Dropping
MD5 c5a35fb35f66d855d4e91ad03a78664b
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 5311f1790f3a5837f0a91ddcee95f5686a2a70431fa6063cca2e8fa1dcd13bdf

Comments