MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 605df2a3a1298e61fd09dee8706a103b8e93deeed3d536fbbe1444f1263a3564. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SHA256 hash: 605df2a3a1298e61fd09dee8706a103b8e93deeed3d536fbbe1444f1263a3564
SHA3-384 hash: cb3e4dabf350415f331c477bc707fe80f717a36073fb521f7e8f2368c249394f40ebe8e1beb19dbdedf1a734d7d10419
SHA1 hash: ad190f6d9ee57bbfe78c219ee7c6d790d195c815
MD5 hash: 1f068532b13690899f857840f2b110de
humanhash: asparagus-whiskey-undress-gee
File name: Purchase Order.gz
Signature: AgentTesla
File size: 241'204 bytes
First seen: 2020-06-30 13:19:48 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 3072:CrcoiW3O6z5wBGFZ4W4hOHzd01dxodLCshEp7GeY9zV7Tte5RK9GsGBLMNtXgajb:iJek1eW4sHJ01Mg9MVzh4kEsGS9ljOo
TLSH: 613423C2A1233D89702CD6542D730CBE75A12BE9106740B7359ACC62D7B7614A7E0FEE
Reporter: @abuse_ch
Tags: AgentTesla, gz

Malspam distributing AgentTesla:

Sending IP:
From: Mr. X <>
Subject: New Order After A Long Time
Attachment: Purchase Order.gz (contains "Purchase Order.exe")

AgentTesla SMTP exfil server:


Mail intelligence
Trap location: Global
Impact: Low
# of uploads: 1
# of downloads: 29
Origin country: US
ClamAV: Sanesecurity.Malware.27247.GZipHeur.UNOFFICIAL
CERT.PL MWDB: Detection: n/a
ReversingLabs:
  Status: Malicious
  Threat name: ByteCode-MSIL.Trojan.Injector
  First seen: 2020-06-30 13:21:06 UTC
  AV detection: 18 of 48 (37.50%)
  Threat level: 2/5
Spamhaus Hash Blocklist: Malicious file
VirusTotal: VirusTotal results 18.33%

File information

The table below shows additional information about this malware sample such as delivery method and external references.

gz 605df2a3a1298e61fd09dee8706a103b8e93deeed3d536fbbe1444f1263a3564 (this sample)

Delivery method: Distributed via e-mail attachment