MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 da063e9e8353ae68bef38160c8092833bdb3fd4399ffb8ab5958718b51055b56. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: da063e9e8353ae68bef38160c8092833bdb3fd4399ffb8ab5958718b51055b56
SHA3-384 hash: d720f8f4259ad14f7394b8ac2399db2bfc6fa705417e6720df67498b49aeeacd4d7337419e0d31d7f59f3da34e4aaae2
SHA1 hash: dfa56d6b05fac5c62aa548646b9cd02af7396d9a
MD5 hash: b4ef2863725e3925666c8e785812a81c
humanhash: jig-lamp-sierra-ohio
File name:Po_HANGHING_01.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:560'268 bytes
First seen:2021-01-14 20:11:38 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:mA76tDO9pGubr8rG9dWM9PpTJ8elrinKz7p0SBJjW/eaAVrF/TO0iVCqZIh95:VetDO9phfj9dHPpnmKz2IJQeXxTO0iBo
TLSH A5C42358BD7155BD3C992E52D41AA8C04AE0F019DB73D4EB7C3E409C29EAAD27C78C36
Reporter abuse_ch
Tags:AgentTesla geo KOR zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mimiworld.co.kr
Sending IP: 45.137.22.59
From: 임소연 <yim@mimiworld.co.kr>
Subject: NEW ORDER (JAN.) - HANG HING
Attachment: Po_HANGHING_01.zip (contains "Po_HANGHING_01.exe")

AgentTesla SMTP exfil server:
smtp.shakurjay.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
155
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Foxhole.Zip_fs1480.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/da063e9e8353ae68bef38160c8092833bdb3fd4399ffb8ab5958718b51055b56/
Threat name:
Win32.Backdoor.Bladabhindi
Create hunting rule
Status:
Malicious
First seen:
2021-01-14 20:12:13 UTC
AV detection:
13 of 44 (29.55%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=3idd5hudkoxgrpxtqfqmqcjigo63h7kdth73rk2zlbyywuiflnla._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/da063e9e8353ae68bef38160c8092833bdb3fd4399ffb8ab5958718b51055b56

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip da063e9e8353ae68bef38160c8092833bdb3fd4399ffb8ab5958718b51055b56

(this sample)

AgentTesla

Executable exe 370b50f749870847982003ab983f756257364b973366df915ce77db4fd140936

  
Dropping
MD5 de2b919d253e56813a7cbc13b062acc2
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 370b50f749870847982003ab983f756257364b973366df915ce77db4fd140936

Comments