MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4f962146b7809bb96a77b0c04bdc53af2f514ce42a76610ef1e93547b9cd8d15. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3



SHA256 hash: 4f962146b7809bb96a77b0c04bdc53af2f514ce42a76610ef1e93547b9cd8d15
SHA3-384 hash: 6a78a9c36d52fa378e46dd7379a26e9abd3381fdea4407439994a0f65a60f98e770e91b9eda924c4f7baf77aa9390332
SHA1 hash: b3c6779935178270f28bdaa0dc0f866228f5cf60
MD5 hash: 17437fdaf69d2c2fd78b181225a3689c
humanhash: papa-apart-uncle-massachusetts
File name: factura.pdf.7z
Signature: AgentTesla
File size: 521'300 bytes
First seen: 2020-06-08 19:12:14 UTC
Last seen: Never
File type: 7z
MIME type: application/x-rar
ssdeep: 12288:b0jfZsa6O8BscCMH/m66OxJJkTO17fK285DoU:4jCzYZMHuZOTJkTOQ2ADX
TLSH: 02B423D2E89482D4EF8EF64D21975138B484552E8D74DAB2389A2FFD024FB73780C66D
Reporter: abuse_ch
Tags: 7z AgentTesla


abuse_ch
Malspam distributing AgentTesla:

HELO: mail.euromaster.es
Sending IP: 82.223.70.126
From: Miguel Escobar <logistica@carpyasociados.com>
Subject: PAGO DEL SALDO
Attachment: factura.pdf.7z (contains "factura.pdf.exe")

AgentTesla SMTP exfil server:
us2.smtp.mailhostbox.com:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 74
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2020-06-08 19:14:05 UTC
AV detection: 6 of 48 (12.50%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
AgentTesla
7z 4f962146b7809bb96a77b0c04bdc53af2f514ce42a76610ef1e93547b9cd8d15 (this sample)

Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
