MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 57f62ce00cc4f7b78f7bfcc9c06468fab7a17ce5aa69e8f7d51fe60c4e8d4ae3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 57f62ce00cc4f7b78f7bfcc9c06468fab7a17ce5aa69e8f7d51fe60c4e8d4ae3
SHA3-384 hash: f281edd9524f0a68f24e4f150e907793abc0a713ab8889dbd5d7fa9e3c7a5e64bd6ccaf255e853413550394a57c14b07
SHA1 hash: 5c78c8b7e4dded947f97a3ccdb09907648b7db74
MD5 hash: df09c653555df27dabb2496e98c37386
humanhash: uncle-winter-georgia-florida
File name:Purchase Order PO101341.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:19'992 bytes
First seen:2021-04-01 07:23:53 UTC
Last seen:2021-04-01 10:46:06 UTC
File type: zip
MIME type:application/zip
ssdeep 384:ihcAIiZqi5xj52Aq1jZGizVaLVps0FVyQXlLuaE6Z6lnRwHM2:SZIioiX52Aq1lGiz0m6kQ1Lm6ZqnRK
TLSH 7792D0CA5483E505C74A216A61A136CF61874F31D3F536CB2B0E7FA0C18A260BD3EA2C
Reporter abuse_ch
Tags:zip


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: park-mx.above.com
Sending IP: 103.224.212.34
From: Majid Farahani<aster.chan@vps-b4a8c633.vps.ovh.ca>
Reply-To: Majid Farahani<pramod@heaxagro.com>
Subject: Purchase Order - PO101341 - Mezotic General Trading
Attachment: Purchase Order PO101341.zip (contains "kelvin.exe")

Intelligence

File Origin
# of uploads :
2
# of downloads :
97
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Dropper.Nanocore-9831995-0
Create hunting rule

Result
Verdict:
MALICIOUS
Link:
https://labs.inquest.net/dfi/sha256/57f62ce00cc4f7b78f7bfcc9c06468fab7a17ce5aa69e8f7d51fe60c4e8d4ae3
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/57f62ce00cc4f7b78f7bfcc9c06468fab7a17ce5aa69e8f7d51fe60c4e8d4ae3/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2021-04-01 07:24:10 UTC
AV detection:
6 of 43 (13.95%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=k73czyamyt33pd337te4azdi7k32c7hfvju6r56vd7taytunjlrq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
0.80
Link:
https://yomi.yoroi.company/submissions/57f62ce00cc4f7b78f7bfcc9c06468fab7a17ce5aa69e8f7d51fe60c4e8d4ae3

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 57f62ce00cc4f7b78f7bfcc9c06468fab7a17ce5aa69e8f7d51fe60c4e8d4ae3

(this sample)

AgentTesla

Executable exe 3ecf636a0d0d09987d861f3b470250742e1a37775d550e29cca275b4959bd9af

  
Dropping
MD5 0b2fb8e1ce2faee33ecc4eb8d73df00d
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 3ecf636a0d0d09987d861f3b470250742e1a37775d550e29cca275b4959bd9af

Comments