MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d29c745f93e92e4723419f19c291f9f3f73ace3a8a280b5104fbcbaa11d3ed01. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 4



SHA256 hash: d29c745f93e92e4723419f19c291f9f3f73ace3a8a280b5104fbcbaa11d3ed01
SHA3-384 hash: d11b74deebe01ab96abbfb67be590186e6a8ff953b897f09bd6d8fd7966285b268560969e18cdb4bbaeceea30d159e9b
SHA1 hash: 3292f30dfae638075719def529c81d1c3b01e3a2
MD5 hash: dba948ef276c7006efe14939e36b6dd4
humanhash: lamp-rugby-september-pizza
File name: New Order.zip
Signature: AgentTesla
File size: 694'465 bytes
First seen: 2021-01-07 14:09:37 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:eEIZI7ixexuxF6f2Jr8byJaY/fYL2P03YDQ7FiUucTmAd/cWO7d1AFFee3L2HyIo:eveUexS8U7JaQYlIDQXuuXd2d1Ap3L2M
TLSH: 62E43377721083A069EA42EF708D7B546839203BACC86435F815FB88EEDC2E955C7E57
Reporter: abuse_ch
Tags: zip


abuse_ch
Malspam distributing unidentified malware:

HELO: sino-steel.net
Sending IP: 69.12.73.228
From: Chad<sale22@sino-steel.net>
Reply-To: windowlinux551@gmail.com
Subject: New Order Request
Attachment: New Order.zip (contains "New Order.exe")

Intelligence


File Origin
Number of uploads: 1
Number of downloads: 200
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Generic
Status: Suspicious
First seen: 2021-01-07 14:10:12 UTC
AV detection: 8 of 46 (17.39%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip d29c745f93e92e4723419f19c291f9f3f73ace3a8a280b5104fbcbaa11d3ed01 (this sample)

Delivery method: Distributed via e-mail attachment
