MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 906786dda4d680bb24ac318d8a808c3c88a46f878cabebabb3141d8b189a50e8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 906786dda4d680bb24ac318d8a808c3c88a46f878cabebabb3141d8b189a50e8
SHA3-384 hash: e80d08b5da0057faedf79a7f26aaa35947b2a3e4db0e49335f5bef70308eadc59dcd355d200d532baa1210d7bac7d2a4
SHA1 hash: ea2441c02cb089f3342a4e28142249e4e8558b43
MD5 hash: 9f8cc1b0e4e12feace26fa09730a8502
humanhash: uncle-missouri-oklahoma-asparagus
File name:Pictures,Invoices,5x40ft Containers.z
Download: download sample
Signature AgentTesla
Create hunting rule
File size:775'409 bytes
First seen:2020-06-20 06:55:21 UTC
Last seen:2020-06-20 06:56:32 UTC
File type: zip
MIME type:application/zip
ssdeep 12288:ND+lSC7UkDYe3h/PYTRkqjtogG6djBJl7q7O/28cgNZM/veebgrvfBsG85+Izfwq:yds06kqjtcYt6qTHM/vCiOCfwcw7WF
TLSH 1FF4230B01BE602A3CA5D9365BAB4B35878C4407846EEB11537E7DBB8F556B363E3036
Reporter abuse_ch
Tags:AgentTesla Yahoo z


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: sonic313-10.consmr.mail.ne1.yahoo.com
Sending IP: 66.163.185.33
From: Amber <pratik.hakim@yahoo.com>
Reply-To: brentdamantel@gmail.com
Subject: Ready For Shipment
Attachment: Pictures,Invoices,5x40ft Containers.z (contains "Invoice.exe")

AgentTesla SMTP exfil server:
smtp.privateemail.com:587

Intelligence

File Origin
# of uploads :
2
# of downloads :
86
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Zmutzy.10.14690.20922.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Zmutzy
Create hunting rule
Status:
Malicious
First seen:
2020-06-20 06:57:04 UTC
AV detection:
5 of 48 (10.42%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=sbtynxne22alwjfmgggyvaemhseki34hrsv6xk5tcqoywge2kdua._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 906786dda4d680bb24ac318d8a808c3c88a46f878cabebabb3141d8b189a50e8

(this sample)

AgentTesla

Executable exe 1cf828a8ad1ca3748535b13a7fea8fad80ded652496afd637ec70aefe2d90fb2

  
Dropping
MD5 aa10879b8f8b00c5078521e6f99db403
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 1cf828a8ad1ca3748535b13a7fea8fad80ded652496afd637ec70aefe2d90fb2
  
Dropping
SHA256 9d988ed519f6e3f6c1e9baec5fca64bbc07fbcbb09f8dd6a02d4b756d1f4ef6e
  
Dropping
MD5 1af135fb8f6ae323f00e79fdffa28614

Comments