MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0c1d68817d7ce1ae5ff09fdd527ef820eaa42e99295a0fa234f547c079e6c4e3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3



SHA256 hash: 0c1d68817d7ce1ae5ff09fdd527ef820eaa42e99295a0fa234f547c079e6c4e3
SHA3-384 hash: 06cfa6e09897b9c5e82bd2a3a52ef8e5dcbd306f1fdc0e43d0953f2988e4f18961d49fb480e13e04da70ad8687164561
SHA1 hash: f8bac7c0d0cb27355a36ed525b57f0ebf3bd5a50
MD5 hash: 42c6dc9824cc5b2eafc7911d07263d38
humanhash: queen-bluebird-coffee-zebra
File name: new order.Z
Signature: AgentTesla
File size: 635'834 bytes
First seen: 2021-01-11 09:17:34 UTC
Last seen: Never
File type: z
MIME type: application/x-rar
ssdeep 12288:SZrtm7yoHXi52HJa/f5BAQbdt50ogBqK0VkozhCEb53DINtHy1pM9xyay2QDwsxM:SZiHSAih2QfdK0VkozM+k62zPhQsAM
TLSH 0FD423A88FB565F59C06FAB401DC6FF612A45ACFC0A3F366E53EB62207806D186C4C75
Reporter: abuse_ch
Tags: z


abuse_ch
Malspam distributing unidentified malware:

HELO: jw-medical.co.kr
Sending IP: 62.113.215.224
From: Raffizas<export@jw-medical.co.kr>
Subject: NEW PO
Attachment: new order.Z (contains "new order.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 118
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Pwsx
Status: Malicious
First seen: 2021-01-11 09:18:12 UTC
AV detection: 8 of 46 (17.39%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

z 0c1d68817d7ce1ae5ff09fdd527ef820eaa42e99295a0fa234f547c079e6c4e3

(this sample)

  
Delivery method: Distributed via e-mail attachment
