MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ee9db999b02a9349954d68904643cb97963ef073c52c48a46c116a792ca53560. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 4



SHA256 hash: ee9db999b02a9349954d68904643cb97963ef073c52c48a46c116a792ca53560
SHA3-384 hash: 97cd0738c06191a7fea84c8bf30bb363834026cd0f5d01a26d5d4810ee761fb8befb713e67cfb931d65e2b9f8d1f1a1e
SHA1 hash: 496b9cb7e172ab0ce908f29560f64522b0b38b36
MD5 hash: 07ca00add35cafaa04cee889d50788a4
humanhash: beer-lima-cup-potato
File name: VQ_65342376546PurchaseOrder.img
Signature: AgentTesla
File size: 1'376'256 bytes
First seen: 2020-08-13 05:33:02 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 12288:/jF+j4VBrSDyfl5pMxRF2Z6blnD986jJTOyazaRq:/jIYrS4bWS2ln1OJzWq
TLSH: 145515E3DE14B60CCD7406FB363B5B4C1E692C1D7EE59ACB2B4CF996D632A21200E552
Reporter: cocaman
Tags: AgentTesla img


cocaman
Malicious email
From: Sireesha Immadi<pie@staisries.org>
Received: from staisries.org (unknown [103.149.13.82])
Date: 11 Aug 2020 21:25:04 -0700
Subject: RE: New Order / ETD Confirmation.
Attachment: VQ_65342376546PurchaseOrder.img

Intelligence


File Origin
# of uploads: 1
# of downloads: 54
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-08-13 00:29:13 UTC
File Type: Binary (Archive)
Extracted files: 22
AV detection: 14 of 29 (48.28%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

img ee9db999b02a9349954d68904643cb97963ef073c52c48a46c116a792ca53560 (this sample)

  
Delivery method: Distributed via e-mail attachment
