MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 80602ea2247cf27efde7e634ece3daafaf565d4c0539d0e5dd059f8c369fe28b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3



SHA256 hash: 80602ea2247cf27efde7e634ece3daafaf565d4c0539d0e5dd059f8c369fe28b
SHA3-384 hash: bf4f4cd8be09b50dfdecf7df031d8e7469ce02565c29015c7391ac39948d8a3c9909e51d99279679c7731e73a7607d15
SHA1 hash: 6ff1c338ab702b722a215977abb7cdefdc53cdaf
MD5 hash: 2bacee2e0bb4f94ac0bdc49211eb40d0
humanhash: red-potato-triple-asparagus
File name: NEW ORDER -20021.img
Signature: AgentTesla
File size: 1'703'936 bytes
First seen: 2020-12-21 14:01:29 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 12288:jK58D/F08Sxye5wmIs7WqcCUA13go7BcIhGRgkbV3u86WkwyoTbtNRI+3QSin7MR:9YpJVcego7BcIAgk6oTbtNUj7SzwI
TLSH: D175AE3429ED561AF177AF764AD074959EEEFE722703D41D289033CA0633F40DDA262A
Reporter: cocaman
Tags: AgentTesla img


cocaman
Malicious email (T1566.001)
From: "PT. COMETA (Purchasing Dept)<purchasing1@cometa-id.com>" (likely spoofed)
Received: "from cometa-id.com (unknown [185.156.1.216]) "
Date: "21 Dec 2020 16:59:30 +0300"
Subject: "REQUEST FOR QUOTATION"
Attachment: "NEW ORDER -20021.img"

Intelligence


File Origin
# of uploads: 1
# of downloads: 119
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Generic
Status: Suspicious
First seen: 2020-12-21 14:02:07 UTC
File Type: Binary (Archive)
Extracted files: 16
AV detection: 3 of 48 (6.25%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
AgentTesla
img 80602ea2247cf27efde7e634ece3daafaf565d4c0539d0e5dd059f8c369fe28b (this sample)
Delivery method: Distributed via e-mail attachment

Comments