MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b985b946b07c523f8dd6c8fd02017ab93a24d01b6a326e3a1ab4e8af00059985. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b985b946b07c523f8dd6c8fd02017ab93a24d01b6a326e3a1ab4e8af00059985
SHA3-384 hash: 24fca7ac260d1afaf7c6ff1602c98716e3bbf0be6998a6e25dc3f5bc23a86218a13df563b91df324a9103c73f31bb9fb
SHA1 hash: d8fd7ebc98f04aca6cede9dd8eaec2dcb4dfbec4
MD5 hash: 420172bc6f087fc8768c984c8edccc50
humanhash: illinois-pennsylvania-tango-virginia
File name:Purchase Order.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:704'076 bytes
First seen:2020-08-18 19:37:35 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:FwCmPev0HAOC4HgkxZkBMTC8I0gE/MaZJeMgv6yZXLfC6E/7Ni:DmWvwbHdCSC81FMaZWCyZXL6Bo
TLSH B7E4239778B5002BEEEE706B0FEB95E0B969D1DE13BC046B945302FA05962195E0EC37
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: m13231.mail.qiye.163.com
Sending IP: 220.181.13.231
From: Imports Dept. <yanyanhong@tenetlaw.com>
Subject: New Order#1140920
Attachment: Purchase Order.zip (contains "Purchase Order_pdf.exe")

AgentTesla SMTP exfil server:
mail.memorybasket.co.in:587

AgentTesla SMTP exfil email address:
nworgn@memorybasket.co.in

Intelligence

File Origin
# of uploads :
1
# of downloads :
67
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.21245.ZipHeur.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.25815.ZipHeur.BadExt.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.22205.ZipHeur.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b985b946b07c523f8dd6c8fd02017ab93a24d01b6a326e3a1ab4e8af00059985/
Threat name:
ByteCode-MSIL.Trojan.FormBook
Create hunting rule
Status:
Malicious
First seen:
2020-08-18 19:39:05 UTC
AV detection:
19 of 48 (39.58%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=xgc3srvqprjd7dowzd6qeal2xe5cjua3nizg4oq2wtuk6aaftgcq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/b985b946b07c523f8dd6c8fd02017ab93a24d01b6a326e3a1ab4e8af00059985

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip b985b946b07c523f8dd6c8fd02017ab93a24d01b6a326e3a1ab4e8af00059985

(this sample)

AgentTesla

Executable exe 32e54aeaedb861f4ad9142949d226b788220293cb49f4b702fea9d65493b6a14

  
Dropping
MD5 745ef27e55825376b2444579466ec923
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 32e54aeaedb861f4ad9142949d226b788220293cb49f4b702fea9d65493b6a14

Comments