MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bca6c3c07f81609227d409a774879977b2ef095834ca88ccb4c8716269ca854f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: bca6c3c07f81609227d409a774879977b2ef095834ca88ccb4c8716269ca854f
SHA3-384 hash: 49ec6cc2c95e59d3a471f8e8088b7ae6384f323e0949f12ce150986c258b1f271383280d0f1e71a1fa2f1feab3e83fdc
SHA1 hash: db480ebfdbfb3616cfbb3f6d5025a0367ddda4af
MD5 hash: fc0049b1f8d735e3e5ca153af43fc6e0
humanhash: beryllium-equal-queen-apart
File name:SPECIFICATIONS.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:814'544 bytes
First seen:2020-05-11 07:57:07 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 24576:Mc6q0cxf7ef03C/XPTuQHLRdKOfu9WePUodfvP:x0O753CztRdKOfYWUhdvP
TLSH 820533E3916DFD3A663F4BC8238853C9B3624877BB4C2DF67E55B1489E1E01A151EC12
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: ohitelecom.com
Sending IP: 37.49.230.36
From: Mosad Hamza <Rahul.Nair@ohitelecom.com>
Reply-To: Email ADMIN <noreply@domain-admin.com>
Subject: PURCHASE ORDER _20/01/M2670/906365_OMAN DRILLING&SOIL TECHNOLOGY CO. LLC
Attachment: SPECIFICATIONS.zip (contains "SPECIFICATIONS.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
77
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.21738.ZipHeur.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-11 13:18:38 UTC
File Type:
Binary (Archive)
Extracted files:
7
AV detection:
22 of 31 (70.97%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=xstmhqd7qfqjej6ubgtxjb4zo6zo6ckygtfirtfuzbywe2okqvhq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip bca6c3c07f81609227d409a774879977b2ef095834ca88ccb4c8716269ca854f

(this sample)

AgentTesla

Executable exe ca946b7be994d2636254cb8b8cf44f5b7aa57fd705c6e07119aa4e68092daa01

  
Dropping
MD5 33c3551e8b1580ab7e9663b1c3e2c3f4
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 ca946b7be994d2636254cb8b8cf44f5b7aa57fd705c6e07119aa4e68092daa01

Comments