MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d269b4d128ecd91b6b54ec215ac78f1f8f47c79db427a4c55adcde79d84099ba. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d269b4d128ecd91b6b54ec215ac78f1f8f47c79db427a4c55adcde79d84099ba
SHA3-384 hash: 2d89faa1990c42af75e7e289b26f3d1d2ea8a5755e036469d9ba5dd057a255b31da19e380e212f216e487e7f0bd898a6
SHA1 hash: 28328b4588a349f39af85eff8d7bd3c164ae09f9
MD5 hash: b48fe70a8965e39b580949359d59a7f7
humanhash: table-zulu-hydrogen-nevada
File name:Signed New Order - AM2 PO 90664-4890298490303.pdf.exe.gz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:728'545 bytes
First seen:2020-07-17 05:12:14 UTC
Last seen:Never
File type: gz
MIME type:application/gzip
ssdeep 12288:0wdi09+qGlM77SzvomNmr8ZDwIPaiLqO2qmTmy2ueh/zsmUqw9gdjil1uX:9dis+3OSQwmrmLgBeVsmUqwydjiOX
TLSH 0DF423D0A535B0694DEF80AC044307784C5CAD9392D77ED5DB70DABA26E43BF46A8B70
Reporter cocaman
Tags:AgentTesla gz


Avatar
cocaman
Malicious email
From: "EXPORT DEPT"<mvplproc@microfinishgroup.com>
Received: from microfinishgroup.com (unknown [185.222.57.154])
Date: 16 Jul 2020 17:30:34 -0700
Subject: PO 90664
Attachment: Signed New Order - AM2 PO 90664-4890298490303.pdf.exe.gz

Intelligence

File Origin
# of uploads :
1
# of downloads :
76
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.LuheFihaA.12103.26479.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d269b4d128ecd91b6b54ec215ac78f1f8f47c79db427a4c55adcde79d84099ba/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-07-17 05:14:05 UTC
File Type:
Binary (Archive)
Extracted files:
38
AV detection:
22 of 29 (75.86%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=2ju3juji5tmrw22u5qqvvr4pd6hupr45wqt2jrk23tphtwcatg5a._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/d269b4d128ecd91b6b54ec215ac78f1f8f47c79db427a4c55adcde79d84099ba

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz d269b4d128ecd91b6b54ec215ac78f1f8f47c79db427a4c55adcde79d84099ba

(this sample)

AgentTesla

Executable exe d5151bd37aa74ce1a5782e72bf26630f2df07f1e7cbeb42f45aa2f49645c35a8

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 d5151bd37aa74ce1a5782e72bf26630f2df07f1e7cbeb42f45aa2f49645c35a8
  
Dropping
AgentTesla

Comments