MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0781ca350e9ca398f496223c738aebdf2cba7d939046c59a5c2fa09b75fbb349. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3



SHA256 hash: 0781ca350e9ca398f496223c738aebdf2cba7d939046c59a5c2fa09b75fbb349
SHA3-384 hash: a5299251b71ec5b9c1a9b15db880f8d17b675ba09e3f892fc4e26cc77550e7d940f5ada070f884c614929e8efd7ee2b5
SHA1 hash: 483e5387b033ebf8b0b30963c4ad5e90320ac604
MD5 hash: 1e1464bcaf60cd623c64541f72e6ea94
humanhash: spaghetti-pluto-washington-eighteen
File name: PO_PRTH21551-ST0026.z
Signature: AgentTesla
File size: 544'726 bytes
First seen: 2020-10-16 14:04:45 UTC
Last seen: Never
File type: z
MIME type: application/x-rar
ssdeep: 12288:nz+ciqLcqiPAKXhfMmRRAIzq7++N7OFx4YyglmkyZA9wcisKK:z4p/qKoQx4YhR9whc
TLSH: C5C423B2D9C47DA3CC91AB5BF78F68DD17348194A00EBF39A7C422B925D3DD0846990B
Reporter: abuse_ch
Tags: AgentTesla z


abuse_ch
Malspam distributing AgentTesla:

HELO: [37.49.229.176]
Sending IP: 37.49.229.176
From: "Mr. Luu Hai Minh" <info@dekamarine.com>
Subject: [NHAT HAI PRO-TECH JOINT STOCK COMPANY] New Purchase Order - ST0026
Attachment: PO_PRTH21551-ST0026.z (contains "PO_PRTH21551-#ST0026.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 81
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.AgentTesla
Status: Malicious
First seen: 2020-10-16 14:06:06 UTC
AV detection: 8 of 48 (16.67%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

z 0781ca350e9ca398f496223c738aebdf2cba7d939046c59a5c2fa09b75fbb349 (this sample)

Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
