MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c0313b5eeac1530022502db9c57434f74301cbdf7e8211d7d204884ff84cc00b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c0313b5eeac1530022502db9c57434f74301cbdf7e8211d7d204884ff84cc00b
SHA3-384 hash: 643dad1d1bc9c212f8e6d38b302e3b87800852462d1c3b351ba2fa641480a762b10a3021721e2e92f84f72d882f2c89e
SHA1 hash: 3d2259dd5b9faf389986c355d3c248642a11a569
MD5 hash: ef1ab4d6008929771f84f04c9b00969c
humanhash: vermont-mountain-juliet-jupiter
File name:PURCHASE ORDER EX-6531_pdf.gz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:387'241 bytes
First seen:2020-05-13 10:02:39 UTC
Last seen:Never
File type: gz
MIME type:application/gzip
ssdeep 6144:oRMkjlnx0xZOttujFt+qMTs5YeELlzuI2s2DippQwQEOsjJqE2snuBvRe:1wlnsZFf+qMTye5uI4+ppQwosBNq5e
TLSH CF8423E48581F483933BE25DAC851B79187CA2D70866DE0F3CA6C082E7A754748BBF75
Reporter abuse_ch
Tags:AgentTesla gz


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: hosting.comnet.net.id
Sending IP: 202.150.128.130
From: Muhammad Baber <agency@darvishi.com>
Subject: PURCHASE ORDER EX-6531
Attachment: PURCHASE ORDER EX-6531_pdf.gz (contains "PURCHASE ORDER EX-6531_pdf.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
75
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27383.GZipHeur.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-13 10:36:57 UTC
File Type:
Binary (Archive)
Extracted files:
4
AV detection:
28 of 48 (58.33%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=yaytwxxkyfjqaisqfw44k5bu65bqds67p2bbdv6sasee76cmyafq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz c0313b5eeac1530022502db9c57434f74301cbdf7e8211d7d204884ff84cc00b

(this sample)

AgentTesla

Executable exe 7e4719fb11286b8b8db49cf1abdd864ca1a49666f88b1ff9b1d7953415d78650

  
Dropping
MD5 86fb88f299a0a8be9302927da3ae8ba2
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 7e4719fb11286b8b8db49cf1abdd864ca1a49666f88b1ff9b1d7953415d78650

Comments