MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c64394edc6c571c744044cb1e7940465109554e961318d3ecf6e172013209a42. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 4



SHA256 hash: c64394edc6c571c744044cb1e7940465109554e961318d3ecf6e172013209a42
SHA3-384 hash: cca8f3889bccbec0dfc473afd7ec23d787117f83cd2c56b6303559a13d9cbffe9962342406d009a943ac60c18e638df8
SHA1 hash: 562f71f1de6c86cf938054c37a6646fdf033a2d0
MD5 hash: 27a1155bd4866ca01a494f25ac57065a
humanhash: floor-pip-tennessee-louisiana
File name: Purchase order.zip
Signature: AgentTesla
File size: 421'694 bytes
First seen: 2021-02-25 06:38:01 UTC
Last seen: 2021-02-26 17:31:45 UTC
File type: zip
MIME type: application/zip
ssdeep: 12288:FJl875Jy9V3lAxFV/7OjI5XX68HO2vSVyZV+7V5HmTGAxdGFBO:FJlwe97AxF9v6WO26VyiNZO
TLSH: 2694238472018E747206668DA841CF4AEF66923148F6F592F73F054EA6A61F6B30FFD1
Reporter: cocaman
Tags: AgentTesla zip


cocaman
Malicious email (T1566.001)
From: ""Pornthip Pongsawadarn"<postmaster@lanyard-sh.com>" (likely spoofed)
Received: "from slot0.lanyard-sh.com (slot0.lanyard-sh.com [185.142.24.15]) "
Date: "25 Feb 2021 13:49:03 +0800"
Subject: "PO#78489920002"
Attachment: "Purchase order.zip"

Intelligence


File Origin
# of uploads: 5
# of downloads: 104
Origin country: n/a

Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2021-02-25 06:38:07 UTC
File Type: Binary (Archive)
Extracted files: 17
AV detection: 11 of 47 (23.40%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: AgentTesla
Sample: zip c64394edc6c571c744044cb1e7940465109554e961318d3ecf6e172013209a42 (this sample)
Delivery method: Distributed via e-mail attachment
Dropping: AgentTesla

Comments