MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 adbadbfdd03e7e142aa7339353f11e82561594ee2ceb2f244a2ccdd1ddb1de1e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	adbadbfdd03e7e142aa7339353f11e82561594ee2ceb2f244a2ccdd1ddb1de1e
SHA3-384 hash:	f0d220e8c8e46e7c0834e26eae5608aa9e5269aa96f6e0de0037c8dc9636ff8ce0fae514b98427196a38a9195ed63792
SHA1 hash:	25923c6972fe0da9c2d8381f883bbde92ed58ba4
MD5 hash:	1b3210c320e57ba5fbd7fb9832848225
humanhash:	quebec-beer-william-summer
File name:	payment invoice_pdf.zip
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	1'038'212 bytes
First seen:	2020-05-13 10:06:10 UTC
Last seen:	Never
File type:	zip
MIME type:	application/zip
ssdeep	24576:s8fB2jMXoWpz7cihM/KXnu9NHX/Ne432FQ9VoIVTDi:s852Hkz1KCu73lNmFQHoIRi
TLSH	142533D8F1477EC65DEC6A2162503D237FB40B42A7BC16C1AC8EF358CE6B85E5918293
Reporter	abuse_ch
Tags:	AgentTesla COVID-19 zip

abuse_ch

Malspam distributing AgentTesla:

HELO: mail.primetechmachinery.com
Sending IP: 192.99.54.229
From: Shabeer M. T. <shabeermt@remegfeed.com>
Subject: Payment Assistance Due To Covid-19 Pandemic
Attachment: payment invoice_pdf.zip (contains "payment invoice_pdf.exe")