MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9e34ecc6429b2a91b7afd71a04404823a6d58142208bc24b5ac58736892056bc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 4



SHA256 hash: 9e34ecc6429b2a91b7afd71a04404823a6d58142208bc24b5ac58736892056bc
SHA3-384 hash: beb9ede1c610d9640efb466a671f243c9259f6e4bde377b91ddc40c5aebd08f2bd8a05e6a8600064607fe24c302f2b18
SHA1 hash: 3bff04373886d2ea9f3d50ab09cc3f0618e8309c
MD5 hash: 97b4e1e8001f53267ccb82e778c78b7e
humanhash: twelve-wyoming-montana-july
File name: Final Order 54.zip
Signature: AgentTesla
File size: 60'768 bytes
First seen: 2020-10-16 13:55:23 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 1536:qXueW8j2SIsOLWK4H6JYpoTwC2AJyBAL45jKvP9:qDW8jWLW96JlwC1ymL4tSP9
TLSH: D053029754722701CA7BABEFB4FEF71007788CE858918247C6E88E115755A5AEF0BC32
Reporter: abuse_ch
Tags: AgentTesla zip


abuse_ch
Malspam distributing unidentified malware:

HELO: gironex.com
Sending IP: 80.85.158.183
From: Edwards <edwards.maya@gironex.com>
Subject: Enclosed Order No.179989
Attachment: Final Order 54.zip (contains "Final Order 54.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 89
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-10-16 13:57:04 UTC
AV detection: 10 of 29 (34.48%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 9e34ecc6429b2a91b7afd71a04404823a6d58142208bc24b5ac58736892056bc

(this sample)

  
Delivery method: Distributed via e-mail attachment
