MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 43d43c758e017d70b63a76aed64dfeaa28b4414f972d73672d7f7dbc7b7dba06. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 43d43c758e017d70b63a76aed64dfeaa28b4414f972d73672d7f7dbc7b7dba06
SHA3-384 hash: ba088842d25ae71877105e886cc59837235153af3de239b83de53783e9b590dbc467f943394af5631b4d5df6a9563fb6
SHA1 hash: e2e81eff8d12f797a06c6f9bf7e377ea8444d047
MD5 hash: cffbb1b465d2b942360c0aad4c8e21cb
humanhash: helium-nine-eighteen-cold
File name:Payment Confirmation.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:737'188 bytes
First seen:2020-08-31 05:24:33 UTC
Last seen:2020-08-31 07:45:01 UTC
File type: zip
MIME type:application/zip
ssdeep 12288:t0o3ICbkK1dJ0YYasYfqKMrOAG1wPr44zXQOng4cBpKTyp1kVKqq9q4nz8214c:tD3I6kKuYYmfUCf14r8yZNnhqMOz82ic
TLSH BAF423DF8D5E8423561EB2BC3DEBB3A3505BDC7285A29D86841C746091CFE24277BAD0
Reporter cocaman
Tags:AgentTesla zip


Avatar
cocaman
Malicious email
From: JENNY ZANG <acorrea@televes.com>
Received: from televes.com (unknown [209.58.149.99])
Date: 31 Aug 2020 05:30:57 -0700
Subject: Payment Confirmation
Attachment: Payment Confirmation.zip

Intelligence

File Origin
# of uploads :
2
# of downloads :
63
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.W32.Trojan-7.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.22041.ZipHeur.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/43d43c758e017d70b63a76aed64dfeaa28b4414f972d73672d7f7dbc7b7dba06/
Threat name:
ByteCode-MSIL.Trojan.Smartassembly
Create hunting rule
Status:
Malicious
First seen:
2020-08-30 23:19:19 UTC
File Type:
Binary (Archive)
Extracted files:
6
AV detection:
22 of 29 (75.86%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ipkdy5moaf6xbnr2o2xnmtp6viuliqkps4wxgzznp563y635xida._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/43d43c758e017d70b63a76aed64dfeaa28b4414f972d73672d7f7dbc7b7dba06

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 43d43c758e017d70b63a76aed64dfeaa28b4414f972d73672d7f7dbc7b7dba06

(this sample)

AgentTesla

Executable exe 5f43ed1dd1031fde4fb86f92ed0f656ca4a468ba5a987d6c76b332914dee7d51

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 5f43ed1dd1031fde4fb86f92ed0f656ca4a468ba5a987d6c76b332914dee7d51
  
Dropping
AgentTesla

Comments