MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 060edec0b075a068c30dc8fbca0a3ca8f7a8db5d5a16dcbe47fe2e39139fd8ff. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 2



SHA256 hash: 060edec0b075a068c30dc8fbca0a3ca8f7a8db5d5a16dcbe47fe2e39139fd8ff
SHA3-384 hash: a1f07266c017dbb2a4a4b13177a542f5d6049f9714aa74ffc2eec242ea12e874e56a7468bb9a8dbe81667faf675dc796
SHA1 hash: b29a137832827d450cfd80a766e2b358c236986c
MD5 hash: bd440cf9bd0a5f82ef02b9de16aef98c
humanhash: bulldog-oven-winter-angel
File name: Order 539.zip
Signature: AgentTesla
File size: 7'892 bytes
First seen: 2020-12-22 12:45:00 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 96:KN/9ZtIMSOjXngjDJXaefK/akzkt7f35yx5YHXapqgbeur/K5SL/7HJTjEFOBPDm:utISQDJq9qA5LpeB5Sb5AMB5o6g
TLSH: DBF19DCE5782510BC14A74F919E939D4FAB4BCB22AF7D842463207E1CFAA849F5F4708
Reporter: abuse_ch
Tags: AgentTesla zip


abuse_ch
Malspam distributing AgentTesla:

HELO: distinctiveappliances.net
Sending IP: 23.83.133.242
From: <Wixom@distinctiveappliances.net>
Subject: Order Confirmation Request
Attachment: Order 539.zip (contains "Order 539.bat")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 289
Origin country: n/a
Vendor Threat Intelligence
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 060edec0b075a068c30dc8fbca0a3ca8f7a8db5d5a16dcbe47fe2e39139fd8ff (this sample)

Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
