MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 98e2c1550d05f77bc1d485e0bcdb3ac1b703441a395a1b91b40f5daaf01fc507. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 98e2c1550d05f77bc1d485e0bcdb3ac1b703441a395a1b91b40f5daaf01fc507
SHA3-384 hash: d73be9b02699db87238827525b93b9389041853622b9f3169bc5c612e483b27081ca87999cf236ccab33d942033d048a
SHA1 hash: 38218b381429bca364b6bd49d77dd3e5786edce5
MD5 hash: a9d192a45e18578b3a8212821525fd84
humanhash: jig-vermont-alaska-idaho
File name:Order 01001O02.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:677'348 bytes
First seen:2020-10-12 07:33:22 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:d/FUcZTtT6LeFtXsgkRjuEO+Xu3XcZzIwCUC6rFUImBLjVZ:d9tF9pFNsgkR6R+WXcZMwCyZ+
TLSH D2E433D1B326E4A6F5726619E8FE3111B6A90E54BEF7BE1C80043AEE154338C05AFD53
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: aerial-properties.com
Sending IP: 96.125.165.96
From: Pablo Silvage <sales.bigfzabric@gmail.com>
Subject: Order 01001O02
Attachment: Order 01001O02.zip (contains "Order 01001O02.exe")

AgentTesla SMTP exfil server:
webmail.eurosets.pw:587

AgentTesla SMTP exfil email address:
euro@eurosets.pw

Intelligence

File Origin
# of uploads :
1
# of downloads :
97
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/98e2c1550d05f77bc1d485e0bcdb3ac1b703441a395a1b91b40f5daaf01fc507/
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=tdrmcvinax3xxqouqxqlzwz2yg3qgra2hfnbxenub5o2v4a7yudq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.65
Link:
https://yomi.yoroi.company/submissions/98e2c1550d05f77bc1d485e0bcdb3ac1b703441a395a1b91b40f5daaf01fc507

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 98e2c1550d05f77bc1d485e0bcdb3ac1b703441a395a1b91b40f5daaf01fc507

(this sample)

AgentTesla

Executable exe db539ae936d63a0f8340157cd6af07c6f3fd14b354799db61967679095d78576

  
Dropping
MD5 e57872f6ecc49fbdb794a16d8f9534f1
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 db539ae936d63a0f8340157cd6af07c6f3fd14b354799db61967679095d78576

Comments