MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b7520b2343d2e36cdb3fea3ca43ffc660a5b9b7cf0e5c10b1e46f7999d804511. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b7520b2343d2e36cdb3fea3ca43ffc660a5b9b7cf0e5c10b1e46f7999d804511
SHA3-384 hash: 4d28c50b4f17e5e663d24307df5490cd5ccabbf20a7a636f92704219145fb9ef528f67dc868a0d430697b8cf99035234
SHA1 hash: cdd60157196e39b973654918c4ccdb1cafce0664
MD5 hash: 81bb41a41d3d2fd439481b9f52f8c3d9
humanhash: stairway-diet-jersey-magazine
File name:PO08342020.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:329'801 bytes
First seen:2020-10-14 15:22:08 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:pFIki+UdtyUtt14jlxXysYjVMkwHbTIqyHpM7NjebVEE:bYLdLXGjSsWMjXI1Hp8Njkb
TLSH F56423426B4AF534480CDC0BFA85C5726F99A97696CC6D5878B3F4B90E770748E30AE3
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mail.fashionchannel.com.pk
Sending IP: 103.213.115.58
From: EG-TEK Group <syed.irfan@fashionchannel.com.pk>
Subject: Request For Quotation/PO#08342020
Attachment: PO08342020.zip (contains "PO#08342020.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
75
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Packer.Upx-49
Create hunting rule

PUA.Win.Packer.UpxProtector-1
Create hunting rule

PUA.Win.Packer.Upolyx-12
Create hunting rule

PUA.Win.Packer.Upx-4
Create hunting rule

PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b7520b2343d2e36cdb3fea3ca43ffc660a5b9b7cf0e5c10b1e46f7999d804511/
Threat name:
Win32.Trojan.LokibotCrypt
Create hunting rule
Status:
Malicious
First seen:
2020-10-14 04:35:05 UTC
AV detection:
24 of 29 (82.76%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=w5jawi2d2lrwzwz75i6kip74myffxg346ds4ccy6i33zthmaiuiq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Trojan
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/b7520b2343d2e36cdb3fea3ca43ffc660a5b9b7cf0e5c10b1e46f7999d804511

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip b7520b2343d2e36cdb3fea3ca43ffc660a5b9b7cf0e5c10b1e46f7999d804511

(this sample)

AgentTesla

Executable exe 67e8fcfa65a48b5ef7288e91ac8ddab1180cf33150471357485511509955413c

  
Dropping
MD5 3548867d0890f222e7b7c68f7ecfb810
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 67e8fcfa65a48b5ef7288e91ac8ddab1180cf33150471357485511509955413c

Comments