MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 48bee329d71bec06c3a3a1b3022dc76de184ffb2c29c73f4d49957c277f0b521. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 48bee329d71bec06c3a3a1b3022dc76de184ffb2c29c73f4d49957c277f0b521
SHA3-384 hash: 168e9583aee4d7b89d879c1766b31c3b65f2bc7926b1ca26642e58a27b67d0ccc844e863e0bcd21a03233bab68884101
SHA1 hash: 665231021c37eed68a5e81ee231c114e513c5cba
MD5 hash: 5744e3f37d25c3ea5dac6af3df6c4947
humanhash: bravo-winter-washington-snake
File name: IMG_001-Seafood Details And Speification For New Order 2020.zip
Signature: AgentTesla
File size: 405'179 bytes
First seen: 2020-06-29 19:17:06 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:PTFBEtijyi6vxwCwWshXXmZQHeVsYDMHnt:PZdWZvxcW6waeeaMHnt
TLSH: 9B84230BA9E52B3C9B59FC30A24DD42689CB4DE444A3D15A2A7E581D13734B364E2FF3
Reporter: @abuse_ch
Tags: AgentTesla zip


Twitter
@abuse_ch
Malspam distributing AgentTesla:

HELO: cloud.criticalserver5.net
Sending IP: 140.82.30.135
From: humberto.elizondo@bwplazamonterrey.com
Subject: Re: Waiting For Quotation
Attachment: IMG_001-Seafood Details And Speification For New Order 2020.zip (contains "IMG_001-Seafood Details And Speification For New Order 2020.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence


Mail intelligence
  Trap location: Global
  Impact: Low
# of uploads: 1
# of downloads: 31
Origin country: FR
ClamAV: SecuriteInfo.com.MSIL.GenKryptik.ENGK.190.UNOFFICIAL
CERT.PL MWDB
  Detection: n/a
  Link: https://mwdb.cert.pl/sample/48bee329d71bec06c3a3a1b3022dc76de184ffb2c29c73f4d49957c277f0b521/
ReversingLabs
  Status: Malicious
  Threat name: ByteCode-MSIL.Trojan.Agenttesla
  First seen: 2020-06-29 19:19:03 UTC
  AV detection: 28 of 48 (58.33%)
  Threat level: 5/5
Spamhaus Hash Blocklist: Malicious file
VirusTotal: No data

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
AgentTesla
zip 48bee329d71bec06c3a3a1b3022dc76de184ffb2c29c73f4d49957c277f0b521 (this sample)
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
