MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0de89eab1bd6eb9849695e45e4ca3cd0e837ae5d10f8f19576e66e0373dfe8b8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 5



SHA256 hash: 0de89eab1bd6eb9849695e45e4ca3cd0e837ae5d10f8f19576e66e0373dfe8b8
SHA3-384 hash: 71bf38262045cde4a13bcc2558d0bc30fc1e786a615872666486fe50cc381b666ebc849b711fb9d8669a27b9e88c40d4
SHA1 hash: 4804754e5276b36bb84d645aebd71427508c2b2b
MD5 hash: 442338d3364364c2bc719c4253b6fe27
humanhash: jupiter-wolfram-nuts-alabama
File name: order-2020-PO#0834.zip
Signature: AgentTesla
File size: 473'791 bytes
First seen: 2021-01-25 10:12:25 UTC
Last seen: 2021-01-26 08:53:52 UTC
File type: zip
MIME type: application/zip
ssdeep: 6144:DViIPY8eIB/yeeTJ2BdmrAVvHCYMUYKnpFevA3gHdkr0pCaWhAIPJnnH4ftkdm6L:D44ne0VeTJixHM7KKvAoW2TeJnn8a3Qi
TLSH: 01A42361BA3A02EADC819F9C5D07C4858339F110E8D39B47F243E5898D7273D7AAA51B
Reporter: cocaman
Tags: AgentTesla zip


Comment by cocaman:
Malicious email (T1566.001)
From: "=?UTF-8?B?7J2066Gc7IKsIOu2gOyepeuLmCDshLjrsKkg7Jyg7Ya1ICc=?=<marketing@fresco.co.kr>" (likely spoofed)
Received: "from postfix-inbound-3.inbound.mailchannels.net (inbound-egress-6.mailchannels.net [199.10.31.238]) "
Date: "25 Jan 2021 02:26:16 -0800"
Subject: "=?UTF-8?B?UkU6IOugiDog66CIOiBbUmVdIHF1b3RhdGlvbg==?="
Attachment: "order-2020-PO#0834.zip"

Intelligence


File Origin
Number of uploads: 9
Number of downloads: 145
Origin country: n/a

Vendor Threat Intelligence
Verdict: MALICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Trojan.Generic
Status: Suspicious
First seen: 2021-01-25 10:13:06 UTC
File Type: Binary (Archive)
Extracted files: 26
AV detection: 13 of 28 (46.43%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample, such as delivery method and external references.

Malspam
AgentTesla
zip 0de89eab1bd6eb9849695e45e4ca3cd0e837ae5d10f8f19576e66e0373dfe8b8 (this sample)
Delivery method: Distributed via e-mail attachment
Dropping: AgentTesla