MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c602ded02dd1fb3ba016bf48499751fd393b9b5d507bbda42c8de0da3b451395. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla
Vendor detections: 3

SHA256 hash: c602ded02dd1fb3ba016bf48499751fd393b9b5d507bbda42c8de0da3b451395
SHA3-384 hash: 230ad556f889964f9609658b33a26087523c5eef4c58886cc99585a1224a6c01e227c187b5d044273cc6cc247aed13f6
SHA1 hash: c8699c1cfab82d335289cbc97f0d63a3ccc35947
MD5 hash: dbac562f6d57e53ac204f60b6b462e99
humanhash: winner-diet-winner-india
File name: Purchase Order 4775 for JUNE_2020.PDF.zip
Download: download sample
Signature: AgentTesla
File size: 532'481 bytes
First seen: 2020-06-04 07:04:24 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:Dq3QbijLxxa7KQ8XbGTGcFM5Aev/CMY8CHfadfLUKaovubS:DGQb+xxuKQ6bGaB5AQ/CMYJHUDbvn
TLSH: 08B423398BFAF702A3FDC5601CCBA48A94676A00B6CE187D1624A19D29FD1777FB440D
Reporter: abuse_ch
Tags: AgentTesla zip


abuse_ch
Malspam distributing AgentTesla:

HELO: ygw2.ni.net.tr
Sending IP: 93.113.60.146
From: John Fluman <info@degiad.org.tr>
Reply-To: John Fluman <john.fluman@intranstcch.com>
Subject: JUNE 2020 PURCHASE ORDER
Attachment: Purchase Order 4775 for JUNE_2020.PDF.zip (contains "Purchase Order # 4775 for JUNE_2020.PDF.exe")

AgentTesla SMTP exfil server:
mail.hanovredisplays.com:587

Intelligence

File Origin
# of uploads: 1
# of downloads: 57
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-06-04 09:01:34 UTC
AV detection: 35 of 48 (72.92%)
Threat level: 5/5

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: AgentTesla
  zip c602ded02dd1fb3ba016bf48499751fd393b9b5d507bbda42c8de0da3b451395 (this sample)
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment

Comments