MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 697234a66ea01428164440034fcd15f9dc45ff3434f090f641bab6ebf0e95a26. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 697234a66ea01428164440034fcd15f9dc45ff3434f090f641bab6ebf0e95a26
SHA3-384 hash: 7aadd4c0cb4b26a8b464beec58d867c207f723023acd3ac9fa25521ec66c83ecd8324609009572484893d37ca25f0484
SHA1 hash: a6e7abf68f74d31d663a562408e3b3cdd528facd
MD5 hash: 149a27eed3d2b71146c96b7c931aa0a1
humanhash: lithium-magazine-virginia-seventeen
File name:Customer Order, Images, Spec.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:298'915 bytes
First seen:2020-12-17 06:58:13 UTC
Last seen:2020-12-17 08:20:13 UTC
File type: zip
MIME type:application/zip
ssdeep 6144:Zj6lvLgb6QS6rr4YDx++4Pck9kR9yOTtCg32+XPufNXZXEWaf:l6GbP4Yd++4Uka/jTt13jfufhZa
TLSH 9A54238DFB2DC15C82693D416B364D28E47236ADA38086949E91F740660F6BC3DBF4DE
Reporter cocaman
Tags:AgentTesla zip


Avatar
cocaman
Malicious email (T1566.001)
From: "Jane<BStoney@schmersal.com>" (likely spoofed)
Received: "from schmersal.com (ec2-34-224-226-104.compute-1.amazonaws.com [34.224.226.104]) "
Date: "17 Dec 2020 00:07:11 -0800"
Subject: "New order#JTC20-PO074.075"
Attachment: "Customer Order, Images, Spec.zip"

Intelligence

File Origin
# of uploads :
2
# of downloads :
102
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Generic.mg.f0015c5c4327dc4d.20101.UNOFFICIAL
Create hunting rule

Result
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/697234a66ea01428164440034fcd15f9dc45ff3434f090f641bab6ebf0e95a26/
Threat name:
Win32.Trojan.Pwsx
Create hunting rule
Status:
Malicious
First seen:
2020-12-17 06:59:07 UTC
File Type:
Binary (Archive)
Extracted files:
2
AV detection:
7 of 48 (14.58%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=nfzdjjtouakcqfseiabu7tiv7hoel7zugtyjb5sbxk3ox4hjlita._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Trojan
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/697234a66ea01428164440034fcd15f9dc45ff3434f090f641bab6ebf0e95a26

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 697234a66ea01428164440034fcd15f9dc45ff3434f090f641bab6ebf0e95a26

(this sample)

AgentTesla

Executable exe ee8e9b7393b01e6f46b1540fde42f6faa87dee2b3104b5e809b3c0219f91a5c8

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 ee8e9b7393b01e6f46b1540fde42f6faa87dee2b3104b5e809b3c0219f91a5c8
  
Dropping
AgentTesla

Comments