MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fa69efd922eda743bb52fd28d5657838428614a59ebe692987c01418bf581535. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fa69efd922eda743bb52fd28d5657838428614a59ebe692987c01418bf581535
SHA3-384 hash: 0a89191e5fec81e48dbc8d8402aa41e4b0095457cda3d10e228bb7f8dd85608b6e58c919b04231d7ef421e6b3fa8f4cd
SHA1 hash: fcda496cb7d219844421650f4f1dcd77c7f63147
MD5 hash: 36bac028bf51d08ef9a34ad6a9e97301
humanhash: missouri-social-beryllium-mirror
File name:Purchase Order.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:372'564 bytes
First seen:2020-07-16 08:08:17 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:b/hm7Wds9SUj42QcJgJg8XlNgAoqqvi17CTZS8e5cJv+QwwFaIhdej8gSOnnbi/6:JRUj4OJigAkHqF1E+QsIhjwnODh9RRZE
TLSH FB84236BB4C7C0C1B8D848E461EE3805F76CF4CE08968368A31FAB5039DB02657E66F1
Reporter abuse_ch
Tags:AgentTesla Yahoo zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: sonic301-29.consmr.mail.bf2.yahoo.com
Sending IP: 74.6.129.228
From: l.c. guidry <lcguidry09@yahoo.com>
Subject: Re: Purchase Order Requirement
Attachment: Purchase Order.zip (contains "Purchase Order.exe")

AgentTesla SMTP exfil server:
mail.globalagriexport.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
74
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.20845.ZipHeur.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.22205.ZipHeur.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/fa69efd922eda743bb52fd28d5657838428614a59ebe692987c01418bf581535/
Threat name:
Win32.Trojan.Zmutzy
Create hunting rule
Status:
Malicious
First seen:
2020-07-16 08:10:07 UTC
AV detection:
8 of 48 (16.67%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=7ju67wjc5wtuho2s7uunkzlyhbbimffft27gskmhyakbrp2ycu2q._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip fa69efd922eda743bb52fd28d5657838428614a59ebe692987c01418bf581535

(this sample)

AgentTesla

Executable exe 8844e23aa416b9eb9690742c98f55c76dc1ff1e5956dff7f8796e46cc38f60cb

  
Dropping
MD5 d08543cc597924265c32d0147271d5fa
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 8844e23aa416b9eb9690742c98f55c76dc1ff1e5956dff7f8796e46cc38f60cb

Comments