MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d2e3bfa94cd8e5f3a648452fc35fc08e65659a61d97f0daa1f560c97f65bffd2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry: AgentTesla
Vendor detections: 4


SHA256 hash: d2e3bfa94cd8e5f3a648452fc35fc08e65659a61d97f0daa1f560c97f65bffd2
SHA3-384 hash: 262eb5286ae04b606cb43334e567149e5345a40ee50326d0f5e9ac77e50af7bea6e4e3c4fd04fed228d9fc7a0798d294
SHA1 hash: b2fe7aaa7ec610fa8d1ba8cc071cafcd75e45def
MD5 hash: 3773579554f0cb854737a0e0cc08dfdc
humanhash: orange-green-wyoming-gee
File name: NEW ORDER.zip
Signature: AgentTesla
File size: 318'520 bytes
First seen: 2020-09-29 05:27:26 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:l8fgRbwwIkPtpT7FInXLGzQCo6GMEGdBXenByNO4T2uvtGbag2OQ:UqbwOFpZCkQCo6WKencA5baQQ
TLSH: 696423985953C523DCC22BF92222B2074F7926ABE936A837356EF773567386F2017025
Reporter: cocaman
Tags: AgentTesla zip
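Anyone who downloads the sample above will want to confirm that the file on disk matches the digests listed in this entry before handling it, and to see what the archive holds without extracting anything. The Python below is an added example, not MalwareBazaar's own tooling: it hashes the file once with all four listed algorithms (MD5, SHA1, SHA256, SHA3-384), reports per-algorithm matches, and lists the zip members with a simple name-based flag. The `constructed_sample()` archive, its `payload.exe` member name and the suspicious-extension list are assumptions made for this example, not data from the entry.

```python
"""Check a downloaded sample against the digests listed in a MalwareBazaar entry.

Added example, not MalwareBazaar code. Nothing in the archive is ever
extracted or written to disk; members are only listed from the central directory.
"""
import hashlib
import io
import zipfile

# Digests copied from the entry for NEW ORDER.zip; keys are hashlib algorithm names.
ENTRY_HASHES = {
    "sha256": "d2e3bfa94cd8e5f3a648452fc35fc08e65659a61d97f0daa1f560c97f65bffd2",
    "sha1": "b2fe7aaa7ec610fa8d1ba8cc071cafcd75e45def",
    "md5": "3773579554f0cb854737a0e0cc08dfdc",
    "sha3_384": "262eb5286ae04b606cb43334e567149e5345a40ee50326d0f5e9ac77e50af7bea6e4e3c4fd04fed228d9fc7a0798d294",
}

# Extensions a defender looks at first inside a mailed archive (assumed list, not from the entry).
SUSPICIOUS_SUFFIXES = (".exe", ".scr", ".pif", ".com", ".js", ".vbs", ".bat", ".cmd", ".ps1", ".lnk", ".iso")


def _as_stream(data):
    """Accept raw bytes or an open binary file and return a readable, seekable stream."""
    return io.BytesIO(data) if isinstance(data, (bytes, bytearray)) else data


def digests(data, algorithms, chunk_size=1 << 20):
    """Hash the input once, feeding every requested algorithm from the same read."""
    stream = _as_stream(data)
    hashers = {name: hashlib.new(name) for name in algorithms}
    for block in iter(lambda: stream.read(chunk_size), b""):
        for h in hashers.values():
            h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify(data, expected=ENTRY_HASHES):
    """Return {algorithm: matches} so that, e.g., an MD5 match next to a SHA256 mismatch stays visible."""
    actual = digests(data, expected)
    return {name: actual[name] == value.lower() for name, value in expected.items()}


def list_members(data):
    """Return (name, compressed size, uncompressed size, flagged) per member without extracting.

    'flagged' marks executable or script names and path traversal attempts in member names.
    """
    result = []
    with zipfile.ZipFile(_as_stream(data)) as zf:
        for info in zf.infolist():
            name = info.filename
            flagged = name.lower().endswith(SUSPICIOUS_SUFFIXES) or ".." in name or name.startswith("/")
            result.append((name, info.compress_size, info.file_size, flagged))
    return result


def constructed_sample():
    """Constructed stand-in for the real attachment: an in-memory zip with a text member and an .exe member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("README.txt", "constructed test content\n")
        zf.writestr("payload.exe", b"MZ" + b"\x00" * 62)  # constructed, 64 bytes, not real malware
    return buf.getvalue()


if __name__ == "__main__":
    import sys
    # Usage: python verify_sample.py /path/to/NEW_ORDER.zip  (falls back to the constructed archive)
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else constructed_sample()
    for algo, ok in verify(data).items():
        print(f"{algo:9} {'match' if ok else 'MISMATCH'}")
    for name, csize, usize, flagged in list_members(data):
        print(f"{'!' if flagged else ' '} {name} ({csize} -> {usize} bytes)")
```

Run it against the downloaded file; every line must read `match` before the archive is trusted to be the sample this entry describes, and any `!` line is a member worth detonating in a sandbox rather than opening.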


cocaman
Malicious email (T1566.001)
From: "Leonard.J.Pratt<soliotexmegatrade@outlook.com>"
Received: "from postfix-inbound-1.inbound.mailchannels.net (inbound-egress-2.mailchannels.net [35.161.220.134]) "
Date: "28 Sep 2020 20:05:21 -0700"
Subject: "NEW ORDER"
Attachment: "NEW ORDER.zip"

Intelligence


File Origin
# of uploads: 1
# of downloads: 83
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Backdoor.Bladabhindi
Status: Malicious
First seen: 2020-09-29 00:07:05 UTC
File Type: Binary (Archive)
Extracted files: 4
AV detection: 22 of 29 (75.86%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: AgentTesla
zip d2e3bfa94cd8e5f3a648452fc35fc08e65659a61d97f0daa1f560c97f65bffd2 (this sample)
Delivery method: Distributed via e-mail attachment
