MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c118803989cdd3abf763ec0f6e7b6544ba3e7c2b47e15c059b3652e6243eba46. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c118803989cdd3abf763ec0f6e7b6544ba3e7c2b47e15c059b3652e6243eba46
SHA3-384 hash: a9123d9d0808940ad9c99338d49a4b4ead4a8ec139ea7d4f54871d0efb9481c5a5d6cc1609c8fd8c5289caa2c342aac3
SHA1 hash: dbd3e4484681183aacd473b3cee81ba57900a5fc
MD5 hash: 678ab7938b01289b1a2cd9d6ee66387a
humanhash: helium-fifteen-connecticut-zulu
File name:CCCO_JORDANPAYMENT_COPY.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:416'839 bytes
First seen:2020-06-06 10:04:16 UTC
Last seen:2020-06-06 14:21:42 UTC
File type: zip
MIME type:application/zip
ssdeep 12288:ZG5pBwG078NfpJo9hX3zBMDirTofvvtoB83+yy:E0QRGXtMDiPofvvWB8uX
TLSH 219423DDC4ECFE61710AAB3F7616E52CC80256DF03AE5B4F6D8223D8A1D44A671A1C87
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: djongclub.club
Sending IP: 103.141.136.136
From: Eng. Basel<supportonline@djongclub.club>
Subject: RE: IDF - 2301999 -HDPE/paymeny ccco jordan
Attachment: CCCO_JORDANPAYMENT_COPY.zip (contains "CCCO_JORDANPAYMENT_COPY.exe")

AgentTesla SMTP exfil server:
mail.sridurgaagros.com:587

Intelligence

File Origin
# of uploads :
2
# of downloads :
64
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.LuheFihaA.8570.26070.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Genkryptik
Create hunting rule
Status:
Malicious
First seen:
2020-06-06 10:06:05 UTC
AV detection:
19 of 30 (63.33%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=yemiaomjzxj2x53d5qhw463fis5d47bli7qvybm3gzjomjb6xjda._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip c118803989cdd3abf763ec0f6e7b6544ba3e7c2b47e15c059b3652e6243eba46

(this sample)

AgentTesla

Executable exe fb27ede2845ba7d3b3c49f016df02727605684968700026041d8be88f41fdf68

  
Dropping
MD5 47c90cd45f7d4d453497651899387629
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 fb27ede2845ba7d3b3c49f016df02727605684968700026041d8be88f41fdf68

Comments