MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c7e870a2809a5014b8b7f744e162a88758965f534dc1fe4342e1c393aab9c7f0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c7e870a2809a5014b8b7f744e162a88758965f534dc1fe4342e1c393aab9c7f0
SHA3-384 hash: 28d8b9f06b0abcdc2607fcba249429350aeb813a8116966553ef3b6cbf4a90ae9a340dfed90e0612fc009ce6e4f987ff
SHA1 hash: 801732f2882b10def5c19dac1cda58c3614c246a
MD5 hash: 1c7be89710eb05c309ff3763c8d73c61
humanhash: oklahoma-bacon-whiskey-sweet
File name:NEW ORDER 092134.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:181'295 bytes
First seen:2020-05-04 18:15:29 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 3072:0HGL8fHH5M31VMUKhBA2JeOcO7W+99ugBGvuVDxrlbpb17RFEJ4HVfBqJqE5EfxR:NIy3cUKhGYR99xsvKF17RzkdefX
TLSH F4042356644ACC9492DF9D2B2AB223A033AEDB4FE6B8D4930D0077DD799074BF618127
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: hos5.host4asia.com
Sending IP: 72.9.144.141
From: Suba Air Perdana <subaaccounts@dnet.net.id>
Reply-To: subaaccounts@dnet.net.id
Subject: New ORDER #092134.
Attachment: NEW ORDER 092134.zip (contains "NEW ORDER #092134.pif")

Intelligence

File Origin
# of uploads :
1
# of downloads :
85
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Siggen9.44194.12681.20059.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-04 14:29:43 UTC
File Type:
Binary (Archive)
Extracted files:
2
AV detection:
25 of 48 (52.08%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=y7uhbiuatjibjofx65cocyviq5mjmx2tjxa74q2c4hbzhkvzy7ya._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip c7e870a2809a5014b8b7f744e162a88758965f534dc1fe4342e1c393aab9c7f0

(this sample)

AgentTesla

Executable exe e4d4a2336be1fc111f68301d7007a79a9b8057864c1d92415de5b4782784682e

  
Dropping
MD5 4f1610c4fd30e19ab3e2f7ca97efbae3
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 e4d4a2336be1fc111f68301d7007a79a9b8057864c1d92415de5b4782784682e

Comments