MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cea374a41005c6c97df776a740dbf12973f1f61300a1707920eb95f4c9bc37cd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: cea374a41005c6c97df776a740dbf12973f1f61300a1707920eb95f4c9bc37cd
SHA3-384 hash: fee01b29cd4409285f2cdb1a4224a18dbbe3b996a8f19f1502df618530563344155b6cc0a44b9e4ac0226f863877f020
SHA1 hash: 58f2d6db596f680b5ced922fd2d16eb587841682
MD5 hash: 62e0c48ee2193489045cf2f4e2fcdb7a
humanhash: oregon-blue-south-charlie
File name:PO90126734.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:399'859 bytes
First seen:2020-05-11 07:43:16 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:4pmIwicvi2+7cfLr9mV0UL+UfxHzpQ5q5Lq:MRw+ummUjfxp6qw
TLSH 6D8423E33933F9BAEE859CD5449810ABA837741D0C29495B9DBD7EFE132321BB2524C4
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: smtp.aquonmo-tech.ga
Sending IP: 137.74.224.86
From: Ms. Cheon <cheonio@automationsystems.com.my>
Subject: Purchase Order-PO#90126734
Attachment: PO90126734.zip (contains "PO#90126734.exe")

AgentTesla SMTP exfil server:
mail.spamora.net:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
79
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-11 18:52:09 UTC
File Type:
Binary (Archive)
Extracted files:
9
AV detection:
26 of 48 (54.17%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=z2rxjjaqaxdms7pxo2tubw7rffz7d5qtacqxa6ja5ok7jsn4g7gq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip cea374a41005c6c97df776a740dbf12973f1f61300a1707920eb95f4c9bc37cd

(this sample)

AgentTesla

Executable exe d15622eadc7b798a496f5f524543a69c63da3f7f56e3bb01fcf83fa85e2ae549

  
Dropping
MD5 9eeaeaf87c06004b295ca1b8f395f00b
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 d15622eadc7b798a496f5f524543a69c63da3f7f56e3bb01fcf83fa85e2ae549

Comments