MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ebc9be49db8a035dc8e8e9432361ba724a1dbba082ad4b322c588cbc78b34747. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ebc9be49db8a035dc8e8e9432361ba724a1dbba082ad4b322c588cbc78b34747
SHA3-384 hash: 5614c330b28fc999fee4ad921d1b479bc8362eec239b96a8e7efb1c142a0ced615cefefce7ad1518db67c9f18f35cd1f
SHA1 hash: d141bba330535bb614cfae04ffda716f8dd88e43
MD5 hash: e0b17eb8f03fdad9967b42d80193c5cd
humanhash: ten-ack-bravo-mobile
File name:NEW PO567.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:731'870 bytes
First seen:2020-11-06 19:14:12 UTC
Last seen:2020-11-09 06:00:24 UTC
File type: zip
MIME type:application/zip
ssdeep 12288:WHKXNAzSKgmTqp0r6Gx2timAOj4nsvwlylXlKhvsxfu33DuEQP8Qr4h9FtVBXQmF:WHwKgkq2uGx2omF2UwlSXHxW33DuEKBy
TLSH D8F43378469AEB186920EC6CC993F66593D91F0727B4870866CCE3166F743CB36B6C4C
Reporter cocaman
Tags:AgentTesla zip


Avatar
cocaman
Malicious email (T1566.001)
From: "<Sales>sales@perfectrfid.com" (likely spoofed)
Received: "from perfectrfid.com (unknown [62.113.215.212]) "
Date: "6 Nov 2020 19:42:02 +0100"
Subject: "REVISED P.O7764!"
Attachment: "NEW PO567.zip"

Intelligence

File Origin
# of uploads :
2
# of downloads :
108
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.BackDoor.SpyBotNET.25.18832.19548.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ebc9be49db8a035dc8e8e9432361ba724a1dbba082ad4b322c588cbc78b34747/
Threat name:
ByteCode-MSIL.Spyware.Noon
Create hunting rule
Status:
Malicious
First seen:
2020-11-06 17:15:47 UTC
File Type:
Binary (Archive)
Extracted files:
5
AV detection:
20 of 29 (68.97%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=5pe34so3ribv3shi5fbsgyn2ojfb3o5aqkwuwmrmlcgly6fti5dq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip ebc9be49db8a035dc8e8e9432361ba724a1dbba082ad4b322c588cbc78b34747

(this sample)

AgentTesla

Executable exe acef7155f56a1434770c602a92ebf4945474ad85e9382df19ff5d3ffee461423

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 acef7155f56a1434770c602a92ebf4945474ad85e9382df19ff5d3ffee461423
  
Dropping
AgentTesla

Comments