MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b4c04622f478c2ed7c34ac973a67c248dca5782a6eaac1adeeed2d67b59494b7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: b4c04622f478c2ed7c34ac973a67c248dca5782a6eaac1adeeed2d67b59494b7
SHA3-384 hash: b1d3a112c7b7c1c224cbf0a613ff77e1502d019d859024e107dc3d011a64baef2d06547e5883e66b010458ac56218a8c
SHA1 hash: 7196fddae53d45f08fc23a3df227852c94c4d2dd
MD5 hash: 87ec72dde044c98854d69c8d5f8ce103
humanhash: princess-one-march-football
File name: Factura comercial.pdf.gz
Signature: AgentTesla
File size: 597'733 bytes
First seen: 2020-07-31 08:25:18 UTC
Last seen: Never
File type: gz
MIME type: application/x-rar
ssdeep: 12288:YlhbuE3QTedLchpc/JOhKPnasSgjdYUFAtpwgkDM9cbucwP:0pTgTeZnpnGCd52pDYucwP
TLSH: 62D423D574A8B2C237C1A96CD1C942306BC386E407D12DACB4F4C5EF99F39F645A3A61
Reporter: @abuse_ch
Tags: AgentTesla DHL gz


Twitter
@abuse_ch
Malspam distributing AgentTesla:

HELO: mail.a3p.mx
Sending IP: 66.113.180.183
From: DHL EXPRESS <nancy.franco@dhl.com>
Subject: FW: Su notificación de envío de DHL: 6278216733
Attachment: Factura comercial.pdf.gz (contains "Factura comercial.pdf.exe")

AgentTesla SMTP exfil server:
mail.trademaxperu.com:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 32
Origin country: FR

Mail intelligence
Geo location: Global
Volume: Low

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-07-31 08:27:04 UTC
AV detection: 23 of 48 (47.92%)
Threat level: 5/5
Threat name: Legit
Score: 0.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
AgentTesla
gz b4c04622f478c2ed7c34ac973a67c248dca5782a6eaac1adeeed2d67b59494b7 (this sample)
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
