MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 605df2a3a1298e61fd09dee8706a103b8e93deeed3d536fbbe1444f1263a3564. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 605df2a3a1298e61fd09dee8706a103b8e93deeed3d536fbbe1444f1263a3564
SHA3-384 hash: cb3e4dabf350415f331c477bc707fe80f717a36073fb521f7e8f2368c249394f40ebe8e1beb19dbdedf1a734d7d10419
SHA1 hash: ad190f6d9ee57bbfe78c219ee7c6d790d195c815
MD5 hash: 1f068532b13690899f857840f2b110de
humanhash: asparagus-whiskey-undress-gee
File name: Purchase Order.gz
Signature: AgentTesla
File size: 241'204 bytes
First seen: 2020-06-30 13:19:48 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 3072:CrcoiW3O6z5wBGFZ4W4hOHzd01dxodLCshEp7GeY9zV7Tte5RK9GsGBLMNtXgajb:iJek1eW4sHJ01Mg9MVzh4kEsGS9ljOo
TLSH: 613423C2A1233D89702CD6542D730CBE75A12BE9106740B7359ACC62D7B7614A7E0FEE
Reporter: @abuse_ch
Tags: AgentTesla, gz


Twitter
@abuse_ch
Malspam distributing AgentTesla:

HELO: mail0.406.soyungwanginc.casa
Sending IP: 157.230.111.37
From: Mr. X <info@406.soyungwanginc.casa>
Subject: New Order After A Long Time
Attachment: Purchase Order.gz (contains "Purchase Order.exe")

AgentTesla SMTP exfil server:
mail.anissh.com:587

Intelligence


Mail intelligence
Trap location: Global
Impact: Low
# of uploads: 1
# of downloads: 29
Origin country: US
ClamAV: Sanesecurity.Malware.27247.GZipHeur.UNOFFICIAL
CERT.PL MWDB
Detection: n/a
Link: https://mwdb.cert.pl/sample/605df2a3a1298e61fd09dee8706a103b8e93deeed3d536fbbe1444f1263a3564/
ReversingLabs
Status: Malicious
Threat name: ByteCode-MSIL.Trojan.Injector
First seen: 2020-06-30 13:21:06 UTC
AV detection: 18 of 48 (37.50%)
Threat level: 2/5
Spamhaus Hash Blocklist: Malicious file
VirusTotal: VirusTotal results 18.33%

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  AgentTesla
    gz 605df2a3a1298e61fd09dee8706a103b8e93deeed3d536fbbe1444f1263a3564 (this sample)
    Dropping: AgentTesla

Delivery method: Distributed via e-mail attachment

Comments