MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 982fc7b3cd1dbca2ad6bc4538e5ec89ff925606d163ca692e8a3a0be92397d74. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	982fc7b3cd1dbca2ad6bc4538e5ec89ff925606d163ca692e8a3a0be92397d74
SHA3-384 hash:	0ea94a2d743b00c357be7c49f9bb0f9f191ef4c68234fd494c097e2632b5053df7e8251e03696441b7003cf807e94179
SHA1 hash:	c9fc5174efdd876d94c406729cfa07e89f90cee1
MD5 hash:	e53cbff351f115c5d76498e7df715ee0
humanhash:	august-summer-south-winter
File name:	Order-PO#08337.zip
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	454'012 bytes
First seen:	2021-04-01 05:42:11 UTC
Last seen:	2021-04-01 07:43:31 UTC
File type:	zip
MIME type:	application/zip
ssdeep	12288:WIXdJqBL9At2cHaXOOIgLaMo8BYbJ9KB3YvgI:WYTIGHe+N8GrEoII
TLSH	A6A42335C087A26806C5A7B94C3F73E263D4F656EFEF0974FA122E87D27C645D490988
Reporter	cocaman
Tags:	zip

cocaman

Malicious email (T1566.001)
From: "vijaykhetan@vtexcorporation.com" (likely spoofed)
Received: "from vtexcorporation.com (unknown [185.222.57.216]) "
Date: "31 Mar 2021 18:20:59 -0700"
Subject: "New Order-PO#08337"
Attachment: "Order-PO#08337.zip"

Intelligence

File Origin

# of uploads :

3

# of downloads :

82

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

Sanesecurity.Foxhole.Zip_fs1999.UNOFFICIAL

SecuriteInfo.com.MSIL.Kryptik.VFR-1.UNOFFICIAL

Result

Verdict:

MALICIOUS

Link:

https://labs.inquest.net/dfi/sha256/982fc7b3cd1dbca2ad6bc4538e5ec89ff925606d163ca692e8a3a0be92397d74

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/982fc7b3cd1dbca2ad6bc4538e5ec89ff925606d163ca692e8a3a0be92397d74/

Threat name:

ByteCode-MSIL.Backdoor.Androm

Status:

Malicious

First seen:

2021-04-01 01:16:00 UTC

File Type:

Binary (Archive)

Extracted files:

50

AV detection:

6 of 48 (12.50%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=tax4pm6ndw6kflllyrjy4xwit74skydncy6knexiuoql5erzpv2a._file

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Gamarue

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/982fc7b3cd1dbca2ad6bc4538e5ec89ff925606d163ca692e8a3a0be92397d74

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

zip 982fc7b3cd1dbca2ad6bc4538e5ec89ff925606d163ca692e8a3a0be92397d74

(this sample)

exe 7c5f8a44d779547d1fafecc0d0797d15e09779b2bef71aded94d47d3cd9fea74

Delivery method

Distributed via e-mail attachment

Dropping

SHA256 7c5f8a44d779547d1fafecc0d0797d15e09779b2bef71aded94d47d3cd9fea74

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample