MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e7be0b7bcedabb4176c881a8354a7f3f2bfe23b3e608e77ca9aede0b838b4b2a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e7be0b7bcedabb4176c881a8354a7f3f2bfe23b3e608e77ca9aede0b838b4b2a
SHA3-384 hash: ce0e83959379d302b8eb126d3d191b3123d0640042cf5e611042b4e43cf0959be9d79029295edc122e058d7955da9961
SHA1 hash: 04c6c44972fbf6a56ce2e45fb31f621410361af2
MD5 hash: c417066d73e4977a8f6fb443617f9e2f
humanhash: sink-oscar-december-robin
File name:Purchased Order.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:426'357 bytes
First seen:2020-10-20 05:22:05 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:7gSfRrGp6Vz4pymkva+JexnJNLsroaPezprwl:8SJ4gM5hpJNQp2drwl
TLSH FB9423FBD90B8AB0EF2CF1E50277BF54DB24E7745392B838CBA849D169015990668F18
Reporter cocaman
Tags:AgentTesla zip


Avatar
cocaman
Malicious email (T1566.001)
From: ""SAFELINE INDUSTRIAL CO., LTD" <sales5@cnsafeline.com>"
Received: "from de05.enroot.cloud (de05.enroot.cloud [89.22.105.49]) "
Date: "Tue, 20 Oct 2020 02:48:12 +0100"
Subject: "REQUEST FOR THE PURCHASE ORDER QUOTATION."
Attachment: "Purchased Order.zip"

Intelligence

File Origin
# of uploads :
1
# of downloads :
76
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Mal.Generic-S.19862.20567.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e7be0b7bcedabb4176c881a8354a7f3f2bfe23b3e608e77ca9aede0b838b4b2a/
Threat name:
ByteCode-MSIL.Backdoor.Remcos
Create hunting rule
Status:
Malicious
First seen:
2020-10-20 02:43:22 UTC
File Type:
Binary (Archive)
Extracted files:
8
AV detection:
22 of 29 (75.86%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=467aw66o3k5uc5wiqgudkst7h4v74i5t4yeoo7fjv3paxa4ljmva._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/e7be0b7bcedabb4176c881a8354a7f3f2bfe23b3e608e77ca9aede0b838b4b2a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip e7be0b7bcedabb4176c881a8354a7f3f2bfe23b3e608e77ca9aede0b838b4b2a

(this sample)

AgentTesla

Executable exe 7111d53f0aadacbcfcfcddd68810a4ee3042e5e532457186ee3fdc5618063d45

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 7111d53f0aadacbcfcfcddd68810a4ee3042e5e532457186ee3fdc5618063d45
  
Dropping
AgentTesla

Comments