MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8701683c02202c6b8d732a137a3097ae9b8c2825965a00f17ca78050672f53e1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SHA256 hash:	8701683c02202c6b8d732a137a3097ae9b8c2825965a00f17ca78050672f53e1
SHA3-384 hash:	0d0df012811030654b49f0d63f69730f1a36193e97157b44c3c274c9478eb3d15990677224ef644231984f2d9d97e371
SHA1 hash:	a566933544da6c31bfb6530c81ec9bec3c229ce8
MD5 hash:	2017834783d594f7e2329053a3d4e9c0
humanhash:	quiet-purple-coffee-washington
File name:	PO#7A68D20.zip
Download:	download sample
Signature	AgentTesla Alert Create hunting rule
File size:	721'757 bytes
First seen:	2023-12-19 16:34:18 UTC
Last seen:	2023-12-19 16:35:06 UTC
File type:	zip
MIME type:	application/zip
ssdeep	12288:N6fSNDR/wHkjDNGUY3QspGgg0KAqWcOR2zk5H4Oprsv8YUOs6:kfSNd/wHkjDNGUaQs7KA+OcUHhpr3Os6
TLSH	T17DE423D3FA105166E565362E4A0DE86F31A098CFD0BFEBB9F502937189A01B18D5F3B1
TrID	80.0% (.ZIP) ZIP compressed archive (4000/1) 20.0% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter	cocaman
Tags:	AgentTesla zip

cocaman

Malicious email (T1566.001)
From: "fjahangir.cs@optimaxbd.net" (likely spoofed)
Received: "from mail.optimaxbd.net (mail6.optimaxbd.net [203.112.73.74]) "
Date: "Tue, 19 Dec 2023 08:22:45 +0100"
Subject: "RE:NEW PO FROM ALANTECH CO.,LTD QTTY (PO #7A68D20)"
Attachment: "PO#7A68D20.zip"

Intelligence

---

File Origin

# of uploads :

3

# of downloads :

196

Origin country :

CH

File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

Relevant files 1

File name:	PO#7A68D20.exe
File size:	949'760 bytes
SHA256 hash:	a738ef5ae6576c2ca7356087a74f73ccaa72858d887be25bbdf6f59dce37edff
MD5 hash:	b8db7cf9c446f34524697ed2bc30371b
MIME type:	application/x-dosexec
Signature	AgentTesla

Vendor Threat Intelligence

ClamAV Detected

Detection(s):

Sanesecurity.Foxhole.Zip_fs292.UNOFFICIAL

Alert

Create hunting rule

Porcupine.Malware.58887.UNOFFICIAL

Alert

Create hunting rule

FileScan.IO Malicious

Verdict:

Malicious

Threat level:

  10/10

Confidence:

100%

Tags:

packed

Link:

https://www.filescan.io/uploads/6581c63af4b6e5e16350a182/reports/48415328-ddd6-4601-8734-d4f981031b0c/overview

Hybrid Analysis Troj/Krypt

Verdict:

Malicious

Labled as:

Troj/Krypt

Link:

https://www.hybrid-analysis.com/sample/8701683c02202c6b8d732a137a3097ae9b8c2825965a00f17ca78050672f53e1

InQuest MALICIOUS

Result

Verdict:

MALICIOUS

Link:

https://labs.inquest.net/dfi/sha256/8701683c02202c6b8d732a137a3097ae9b8c2825965a00f17ca78050672f53e1

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Nucleon Malprob Benign

Score:

0%

Verdict:

Benign

File Type:

Archive

Link:

https://malprob.io/report/8701683c02202c6b8d732a137a3097ae9b8c2825965a00f17ca78050672f53e1

CERT.PL MWDB

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/8701683c02202c6b8d732a137a3097ae9b8c2825965a00f17ca78050672f53e1/

ReversingLabs TitaniumCloud ByteCode-MSIL.Trojan.AgentTesla

Threat name:

ByteCode-MSIL.Trojan.AgentTesla

Alert

Create hunting rule

Status:

Malicious

First seen:

2023-12-19 12:53:15 UTC

File Type:

Binary (Archive)

Extracted files:

13

AV detection:

22 of 36 (61.11%)

Threat level:

  5/5

Spamhaus Hash Blocklist Suspicious file

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=q4awqpaceawgxdltfijxumexv2nyykbfsznab4l4u6afazzpkpqq._file

VirusTotal

Please note that we are no longer able to provide a coverage score for Virus Total.

YOROI YOMI Malicious File

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/8701683c02202c6b8d732a137a3097ae9b8c2825965a00f17ca78050672f53e1