MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7d6596f393bff052a797f85479642b3258ebf68082a9bb91c9ac3cfe5d2eb28d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7d6596f393bff052a797f85479642b3258ebf68082a9bb91c9ac3cfe5d2eb28d
SHA3-384 hash: 776cd70b83b4c993f3158753ba56de94e2468bc86c7cc8c0055f1864f6ea8dbac23655cea333fe1be32b4c5add406cdf
SHA1 hash: 3b7331f3dbb0701b264255a086761e2f55900250
MD5 hash: 5f6f57a4c69dc58a90762671c085218b
humanhash: whiskey-neptune-shade-venus
File name:Purchase Order.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:296'684 bytes
First seen:2020-05-11 08:13:08 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:tfQy5GSHpeZuOhJsCyn8vG696nrZtTwocTz4Mio7e/4KHG:mywSJkjdyn8vG6oVtncTzhiGe/Hm
TLSH ED54233EFE3E2BF6C1F8AD840B79D4D4150A871E17D041D8179E1AA2C25DE1FBC5A50A
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: 69.gnextrade.online
Sending IP: 185.236.202.149
From: &A 925 Silver Jewelry<bastide@69.gnextrade.online>
Subject: Order jewelry
Attachment: Purchase Order.zip (contains "Purchase Order.exe")

AgentTesla SMTP exfil server:
smtp.emss.us:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
70
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.20845.ZipHeur.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.22205.ZipHeur.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Noon
Create hunting rule
Status:
Malicious
First seen:
2020-05-11 20:05:00 UTC
File Type:
Binary (Archive)
Extracted files:
4
AV detection:
16 of 31 (51.61%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=pvszn44tx7yffj4x7bkhszblgjmox5uaqku3xeojvq6p4xjowkgq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 7d6596f393bff052a797f85479642b3258ebf68082a9bb91c9ac3cfe5d2eb28d

(this sample)

AgentTesla

Executable exe 7fab681c57b3f8918c974e5a436b72f9a963ae8b4d4ab5592ceb17cdb57f14f9

  
Dropping
MD5 28fd01088d8cbafb79a96128f286e43c
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 7fab681c57b3f8918c974e5a436b72f9a963ae8b4d4ab5592ceb17cdb57f14f9

Comments