MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1235e90b597ef288e124884a7bc325cbf1f9c23ad3e839c9b695bac356add7c0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1235e90b597ef288e124884a7bc325cbf1f9c23ad3e839c9b695bac356add7c0
SHA3-384 hash: 4fb08134f4eba9e5ecc68d4c77dfc64fc82e8d86f958f94755b9c50400f70365deccc542259132e747faa7a6abcc3b74
SHA1 hash: a9b96bee94362ae6d004ec2ab955923101c34338
MD5 hash: 10cbc3d18440f2ebf3504cfc3449a29e
humanhash: neptune-fruit-eight-queen
File name:形式订单#00101(新订单).xz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:221'232 bytes
First seen:2020-10-22 07:12:56 UTC
Last seen:Never
File type: xz
MIME type:application/x-rar
ssdeep 6144:JWn64rsvXlat0cpGAHUOaQ61IuFurPdJZjPmm:w64KEeOdHUMAIPxr
TLSH 8B24227B73D52C07D294245AAECAE93198CD478CB09192BFDCFC30EA9572CDBA1085E4
Reporter abuse_ch
Tags:AgentTesla Telegram xz


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: hengjiurui.com
Sending IP: 45.133.245.213
From: sales1 <sales02@hengjiurui.com>
Subject: 形式订单#001/01(新订单)
Attachment: 形式订单#00101(新订单).xz (contains "形式订单#00101(新订单).exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
72
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/1235e90b597ef288e124884a7bc325cbf1f9c23ad3e839c9b695bac356add7c0/
Threat name:
ByteCode-MSIL.Spyware.Negasteal
Create hunting rule
Status:
Malicious
First seen:
2020-10-22 04:38:53 UTC
AV detection:
15 of 29 (51.72%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ci26sc2zp3ziryjerbfhxqzfzpy7tqr22pudtsnwsw5mgvvn27aa._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

xz 1235e90b597ef288e124884a7bc325cbf1f9c23ad3e839c9b695bac356add7c0

(this sample)

AgentTesla

Executable exe 3d5332d39427063ae210b52204b193c7d813fa69933168de167efbc9d8a24140

  
Dropping
MD5 e26bdd7bf67356af98089f72f4fa083f
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 3d5332d39427063ae210b52204b193c7d813fa69933168de167efbc9d8a24140

Comments