MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4d80bfab94e0ea8e1c5b8b94e5e4acf38596c01bd869a4a890fddfb3fcb046b9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 4

SHA256 hash: 4d80bfab94e0ea8e1c5b8b94e5e4acf38596c01bd869a4a890fddfb3fcb046b9
SHA3-384 hash: b7f0be0c790ea8f2a61d360af0cbe68189446c76d537367c9dcdacf7444a8a14cdba23eaa3d0a3a7db40d63b02b69992
SHA1 hash: 6034c7fe06781050be097c3f10bf4e364060ae8c
MD5 hash: bb26b5a2b00e7a946acbfc2694f93b74
humanhash: sixteen-apart-lake-potato
File name: Quotation.zip
Signature: AgentTesla
File size: 470'735 bytes
First seen: 2020-08-08 08:30:07 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:I095wxTX6vxJBplUwrPGOG88Dy+eZDL61:I09fvV2Oz8AZf61
TLSH: 60A423D257A22A0BD47CFD72B176A47B479BA00C0A79A91CA7903803E0E56774E47CC9
Reporter: abuse_ch
Tags: AgentTesla, Yahoo, zip


abuse_ch:

Malspam distributing AgentTesla:

HELO: sonic316-54.consmr.mail.ne1.yahoo.com
Sending IP: 66.163.187.180
From: Pan mechanic <panmechanic@panmechanic.com>
Subject: Fw: PURCHASE ORDER AND INQUIRING
Attachment: Quotation.zip (contains "J6NLUnAQN1LMjkH.exe")

AgentTesla SMTP exfil server:
smtp.yandex.ru:587
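
As an added example that is not part of this MalwareBazaar entry and not abuse.ch's tooling: a mail-gateway style triage of a zip attachment in Python, using the archive hashes and the embedded file name reported above as indicators. The archive built inside the block is constructed for the example and is not the real sample, so its hashes do not match the IOCs; the executable-extension list, the MZ-header check on every member, and the verdict labels are the example's own choices, not anything the entry states.

```python
import hashlib
import io
import zipfile

# Indicators copied from this MalwareBazaar entry for Quotation.zip.
IOC_HASHES = {
    "sha256": "4d80bfab94e0ea8e1c5b8b94e5e4acf38596c01bd869a4a890fddfb3fcb046b9",
    "sha1": "6034c7fe06781050be097c3f10bf4e364060ae8c",
    "md5": "bb26b5a2b00e7a946acbfc2694f93b74",
}
# Name of the executable the reporter saw inside Quotation.zip.
IOC_MEMBER_NAME = "J6NLUnAQN1LMjkH.exe"
# Extension list is this example's own choice (assumption), not from the entry.
EXECUTABLE_EXTENSIONS = (".exe", ".scr", ".pif", ".com", ".bat", ".js", ".vbs")


def hash_bytes(data: bytes) -> dict:
    """Hash the attachment with the same algorithms the entry lists."""
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "md5": hashlib.md5(data).hexdigest(),
    }


def triage_zip_attachment(data: bytes) -> dict:
    """Inspect a zip attachment given as bytes and return findings.

    Findings: an exact IOC hash match on the archive itself, members whose
    content starts with the MZ header (PE files regardless of extension),
    members named like the reported payload, and encrypted members that
    cannot be inspected (a triage signal on its own).
    """
    findings = {
        "hashes": hash_bytes(data),
        "hash_match": False,
        "named_member_match": False,
        "pe_members": [],
        "executable_names": [],
        "encrypted_members": [],
        "error": None,
    }
    h = findings["hashes"]
    findings["hash_match"] = any(h[alg] == val for alg, val in IOC_HASHES.items())
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.is_dir():
                    continue
                name = info.filename
                if name == IOC_MEMBER_NAME:
                    findings["named_member_match"] = True
                if name.lower().endswith(EXECUTABLE_EXTENSIONS):
                    findings["executable_names"].append(name)
                if info.flag_bits & 0x1:  # general-purpose bit 0: member is encrypted
                    findings["encrypted_members"].append(name)
                    continue
                with zf.open(info) as member:
                    magic = member.read(2)
                if magic == b"MZ":  # DOS/PE header; also catches renamed executables
                    findings["pe_members"].append(name)
    except zipfile.BadZipFile:
        findings["error"] = "not a zip archive"
    return findings


def verdict(findings: dict) -> str:
    """Collapse findings into a gateway decision (labels are this example's own)."""
    if findings["hash_match"]:
        return "known-sample"
    if (findings["named_member_match"] or findings["pe_members"]
            or findings["executable_names"] or findings["encrypted_members"]):
        return "suspicious"
    if findings["error"]:
        return "unreadable"
    return "no-finding"


def build_constructed_sample() -> bytes:
    """Constructed stand-in for Quotation.zip: one member named like the reported
    payload whose content begins with an MZ header. Not the real sample; its
    hashes will not match the IOCs above."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(IOC_MEMBER_NAME, b"MZ" + b"\x00" * 62 + b"stub-not-a-real-pe")
    return buf.getvalue()


if __name__ == "__main__":
    result = triage_zip_attachment(build_constructed_sample())
    print(verdict(result), result["pe_members"], result["hashes"]["sha256"])
```

The MZ check is done on content rather than on the name because a renamed executable passes an extension filter but not a magic-byte check; an encrypted member is recorded rather than silently skipped, since a password-protected archive from an unknown sender is itself worth a look.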

Intelligence

File Origin
# of uploads: 1
# of downloads: 103
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2020-08-08 08:32:07 UTC
AV detection: 15 of 48 (31.25%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Malspam, distributed via e-mail attachment
Signature: AgentTesla
This sample: zip 4d80bfab94e0ea8e1c5b8b94e5e4acf38596c01bd869a4a890fddfb3fcb046b9
Dropping: AgentTesla