MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0d6887bc8c4f758c37e238911e160be4ad33749bcbaeeb5769f134d298afe6f7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0d6887bc8c4f758c37e238911e160be4ad33749bcbaeeb5769f134d298afe6f7
SHA3-384 hash: 7d1c1ebaa100186bef4333d3a27dd6494ad0aa12f9071afbe1daf0aef06b2e2035f3e034299c66ee1f2ba75720312388
SHA1 hash: f100597bf6b3074d1c0b7af65c9aaec6c2f8d752
MD5 hash: 6b15bf9218f73ef0557750cbc375c8ae
humanhash: indigo-nine-oscar-hamper
File name:080620.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'045'793 bytes
First seen:2020-06-08 05:44:05 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 24576:UNFWYBRFXwLPx5t+lgqlpsGXs2yiGgmjz7t3OWLzWxMMxs:QFD3oPglpuSsz7wVf6
TLSH E82533A60254ADC5BD23B35772D73DE96D62533CC23A4E648628ADE1037B8EF403572B
Reporter cocaman
Tags:AgentTesla zip


Avatar
cocaman
Malicious email
From: oversea@mijinsoft.co.kr
Received: from mijinsoft.co.kr (unknown [103.138.109.239])
Date: 7 Jun 2020 18:15:22 -0700
Subject: 30 % advance order
Attachment: 080620.zip

Intelligence

File Origin
# of uploads :
1
# of downloads :
54
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27686.AidExe.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.PSW.Agent.BORA.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-06-08 03:06:55 UTC
File Type:
Binary (Archive)
Extracted files:
27
AV detection:
23 of 31 (74.19%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=bvuippemj52yyn7chcir4fql4swtg5e3zoxowv3j6e2nfgfp433q._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 0d6887bc8c4f758c37e238911e160be4ad33749bcbaeeb5769f134d298afe6f7

(this sample)

AgentTesla

Executable exe de2cdf22390a5a5b908d6f910e302cd337f064130065513ba97c1afe1b2f8003

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 de2cdf22390a5a5b908d6f910e302cd337f064130065513ba97c1afe1b2f8003
  
Dropping
AgentTesla

Comments