MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7959339db1709eabe418e3ca540f004fa7859fc53153ecfea1e64fd372d92f37. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7959339db1709eabe418e3ca540f004fa7859fc53153ecfea1e64fd372d92f37
SHA3-384 hash: 5c7db4195d8a883f29c82e419f4230a870eefb4ec9d80bc9fe9e5d7a4407166117ef21b4f81978d519ed4ad0f91f6125
SHA1 hash: e29289dcfd084f7c8a2d413256243ff889a83db9
MD5 hash: fb0ecb8c3c946332d005ddea5430b273
humanhash: lion-september-arizona-item
File name:PURCHASE ORDER.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:603'996 bytes
First seen:2020-07-29 11:10:22 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:deLxp3dC3g1rxuKgR5M0txS3xqrXdG0+VR6L9bddLQ5TkpAo:dedzN1rUKa543adsVR65bd8TkpAo
TLSH 5DD4238278F005128B90C4DE6174CBFD2B2DBD52E1955A3F527651637ECEEBBE2E0086
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: nicecottonbd.com
Sending IP: 103.99.1.143
From: Mohshin <mohshin@nicecottonbd.com>
Subject: PURCHASE ORDER D260170479,70254, TOP URGENT
Attachment: PURCHASE ORDER.zip (contains "PURCHASE ORDER.exe")

AgentTesla SMTP exfil server:
mail.a-k.co.ir:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
63
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.22360.ZipHeur.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/7959339db1709eabe418e3ca540f004fa7859fc53153ecfea1e64fd372d92f37/
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-07-29 11:12:06 UTC
AV detection:
21 of 29 (72.41%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=pfmthhnrocpkxzay4pffidyaj6tylh6fgfj6z7vb4zh5g4wzf43q._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/7959339db1709eabe418e3ca540f004fa7859fc53153ecfea1e64fd372d92f37

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 7959339db1709eabe418e3ca540f004fa7859fc53153ecfea1e64fd372d92f37

(this sample)

AgentTesla

Executable exe ee24bdde3b389e8776f89333aa2a9fe433d8a49c22a7b594b0db8f70b868de1a

  
Dropping
MD5 fe96b4b87c6023b699ccc5ece8485e14
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 ee24bdde3b389e8776f89333aa2a9fe433d8a49c22a7b594b0db8f70b868de1a

Comments