MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 85d44e0d1f10f441ca11485d229b19287016342853cd46c3df701dda04316972. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 85d44e0d1f10f441ca11485d229b19287016342853cd46c3df701dda04316972
SHA3-384 hash: a156551d0fa7a7f67186bae11cffba8c0de0fbd3deec2af9a3f5da4758c27e7a18eb53af8a1e681b26e4da5726eaa03d
SHA1 hash: 3383e967502af5ccce8c7eeb7de34f75e709aa88
MD5 hash: 3191d5c1e776c91eaa5e4d687b557d55
humanhash: oscar-fish-idaho-fish
File name:Sun Packaging Purchase order.z
Download: download sample
Signature AgentTesla
Create hunting rule
File size:537'170 bytes
First seen:2020-06-16 05:09:45 UTC
Last seen:Never
File type: z
MIME type:application/x-rar
ssdeep 12288:sV/m9KcotymywHI3ha2PHaf7iImjj7GVxk7x39ulGiS3ZPNr:sV/m9Iyfsaha2PSmjjCu39ulGiS3pNr
TLSH 2BB423CB929E2DA81D2900ED5C273A9854C96DFD29731D0EC4EF31AC5893D363DB81DA
Reporter abuse_ch
Tags:AgentTesla z


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: [185.234.219.109]
Sending IP: 185.234.219.109
From: Sun Packaging Technologies, Inc <info@meherdistributors.com>
Subject: Sun Packaging Technologies, Inc -New Purchase Order
Attachment: Sun Packaging Purchase order.z (contains "Sun Packaging Purchase order.exe")

AgentTesla SMTP exfil server:
us2.smtp.mailhostbox.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
60
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-06-16 05:11:07 UTC
AV detection:
20 of 31 (64.52%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=qxke4di7cd2edsqrjbosfgyzfbybmnbikpgunq67oao5ubbrnfza._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

z 85d44e0d1f10f441ca11485d229b19287016342853cd46c3df701dda04316972

(this sample)

AgentTesla

Executable exe d334bea4c2d8e2cfc9bcafe46792c8b8f79f2689d81ef01754224c7257022764

  
Dropping
MD5 4a806c6ffed2bc935edd03474138a6c1
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 d334bea4c2d8e2cfc9bcafe46792c8b8f79f2689d81ef01754224c7257022764

Comments