MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cabc80ae98353b4a9b6a5a5374580a76beebaf33584065a7143b12fb25ecddb1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3



SHA256 hash: cabc80ae98353b4a9b6a5a5374580a76beebaf33584065a7143b12fb25ecddb1
SHA3-384 hash: 196ce0119ef1b03f3c76f35060348c95b1506b07503fbee54e40f7545c0e6b6a0d5ed9a3a99cd92b22b7ba2f9765ee7c
SHA1 hash: 76d3aa5b6f62453b517d39833fc98f766448063b
MD5 hash: ffd42247cba4412331b74f759217d8c1
humanhash: mars-oscar-beer-india
File name: new order inquiry.Z
Signature: AgentTesla
File size: 452'531 bytes
First seen: 2020-04-22 07:25:52 UTC
Last seen: 2020-04-22 13:21:27 UTC
File type: z
MIME type: application/x-rar
ssdeep: 12288:yHOCbHync7OXXRMwQqCbgICfAIWQxIQj70:07bHyn2OXXivqFICIP1Qj70
TLSH: E7A423A78C89C4872A6271F881B789B4F715DEEABF22EA96038C0073C7ED857F075455
Reporter: cocaman
Tags: AgentTesla COVID-19 z


cocaman
Malicious email
From: Alice Manhan<sales1@worthspark.com>
Received: from worthspark.com (unknown [212.83.46.23])
Date: 22 Apr 2020 06:20:26 -0700
Subject: NEW PURCHASE ORDER

Intelligence


File Origin
# of uploads: 3
# of downloads: 2'800
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-04-22 07:35:40 UTC
File Type: Binary (Archive)
Extracted files: 5
AV detection: 19 of 30 (63.33%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

z cabc80ae98353b4a9b6a5a5374580a76beebaf33584065a7143b12fb25ecddb1 (this sample)

Delivery method: Distributed via e-mail attachment
