MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fce301b76a30eb27bdb7f6692e1605cab5c74fe0be72425ac15044fbfbc61a7d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fce301b76a30eb27bdb7f6692e1605cab5c74fe0be72425ac15044fbfbc61a7d
SHA3-384 hash: bbc1ffc7794b3486448c8264ee938a3413825e747a36606cd9ac7c78f1a4a27364c5628048c4a11d6d764eaea24ca23a
SHA1 hash: a5c0798b2724fab96a495703ecdffa3d64834092
MD5 hash: 0b254b1a7450a740a05eebdc27836e7e
humanhash: enemy-illinois-arkansas-lactose
File name:Purchase Order.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:409'193 bytes
First seen:2020-06-08 06:28:54 UTC
Last seen:2020-06-08 06:58:37 UTC
File type: zip
MIME type:application/zip
ssdeep 6144:JoIXxU8MF7VmOyh+Z/e7VLGr0u1/gSGKzYzwlbH+vIFpB4DrA3KVTgfdo1i:qIXxU8gy8ZKA/n0zwP4/A3KVTsx
TLSH 599423E1851EAEBB7E96FC2D409BA30325E28707B16DF89F3D2CDE640F97582016E505
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: srv.js-networking-1.net
Sending IP: 82.165.67.99
From: Setheesh Kumarr <vinay@corpseed.com>
Subject: Purchase Order
Attachment: Purchase Order.zip (contains "Purchase Order.exe")

AgentTesla SMTP exfil server:
mail.ametropolis.com:587

Intelligence

File Origin
# of uploads :
2
# of downloads :
56
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.20845.ZipHeur.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.22205.ZipHeur.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-06-08 06:30:09 UTC
AV detection:
12 of 48 (25.00%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=7trqdn3kgdvsppnx6zus4fqfzk24ot7axzzeewwbkbcpx66gdj6q._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip fce301b76a30eb27bdb7f6692e1605cab5c74fe0be72425ac15044fbfbc61a7d

(this sample)

AgentTesla

Executable exe 5c336599791ce2459fd0fbb6e6acb618be490f62b4136f476d108c59b383e79e

  
Dropping
MD5 4c5885a4ccdb6afc0d49453311ecc363
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 5c336599791ce2459fd0fbb6e6acb618be490f62b4136f476d108c59b383e79e

Comments