MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2e18a5d394d1dd1c9c7deb68ade565baf3eef8046781fa577c401f165a560ffc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2e18a5d394d1dd1c9c7deb68ade565baf3eef8046781fa577c401f165a560ffc
SHA3-384 hash: 20a9250dd3f5f4bd3632a3e708c329dfdbd97f972850b2e725e1b20266bdfeb6ae1dfd2be022e6c686fb5ea9d2fc970f
SHA1 hash: e2bbd9a4aa945f7015892f4755c3c72091235138
MD5 hash: 4d2bb137d6029957bcaea04e3276c276
humanhash: shade-william-oxygen-skylark
File name:New Order.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:420'777 bytes
First seen:2020-06-18 06:04:22 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:Jr7vTjooFTAYcDcWnF+X/6qqZ4k8jtZXCRuGN1nEWOPjKlYOsHIJbXv8vcgSiV8j:JXrj19bcDHF+P/m/1EWcKPRJbUvslt
TLSH C69423D9F6189E834323C87AB7FBF42064A97F07459D52586A0123DB21E127A0CD9FB3
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: chapar04.afr.hezardastan.net
Sending IP: 79.175.132.33
From: Haytham Halwani <admin@corpseed.com>
Subject: New Order
Attachment: New Order.zip (contains "New Order.exe")

AgentTesla SMTP exfil server:
mail.ametropolis.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
67
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.BehavesLike.Generic.fc.30295.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.20634.ZipHeur.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.22623.ZipHeur.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2020-06-18 06:06:06 UTC
AV detection:
10 of 48 (20.83%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=fymklu4u2horzhd55nuk3zlfxlz656aem6a7uv34iaprmwswb76a._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 2e18a5d394d1dd1c9c7deb68ade565baf3eef8046781fa577c401f165a560ffc

(this sample)

AgentTesla

Executable exe 28e39a753f7723de8723f5b5fe26b57b18342c869a8a8e86e138728d343d6b79

  
Dropping
MD5 7c738d899a5d3acd90f21482a70b0db6
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 28e39a753f7723de8723f5b5fe26b57b18342c869a8a8e86e138728d343d6b79

Comments