MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c75601f75b0526970a479f394ce4e34a48a7e80d6ed85a1bf09623fa4f4223ac. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c75601f75b0526970a479f394ce4e34a48a7e80d6ed85a1bf09623fa4f4223ac
SHA3-384 hash: 284a51fcf1d9457407e1f5762f4fd7b9d699ae3e52ff76ae03d27e129f6ae8a7aff7faf239eb899f192b636debefd50f
SHA1 hash: e65b18712d0d90a988aaf675c1ba0c5f8c7e9069
MD5 hash: 81a6b052ca8a118b026d397e64de0ef4
humanhash: mexico-vegan-yellow-eleven
File name:invoice copy.pdf.z
Download: download sample
Signature AgentTesla
Create hunting rule
File size:400'145 bytes
First seen:2020-05-20 08:59:56 UTC
Last seen:Never
File type: z
MIME type:application/x-rar
ssdeep 12288:dRf2/JXCC1SbAsfGlcyR9wYkR8zpQgap7IYzI5GpR0:TiASSbAs8p8u327IYRpq
TLSH EF842353482DB45329030FE70EE3BF14AA5E6BBCD5A9B5CB32F5049A3A1022E7985D35
Reporter abuse_ch
Tags:AgentTesla z


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: shivamcement.com
Sending IP: 103.99.1.170
From: Accountant <nfo@shivamcement.com>
Subject: paid invoice
Attachment: invoice copy.pdf.z (contains "invoice copy.pdf.exe")

AgentTesla SMTP exfil server:
smtp.yandex.ru:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
76
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-20 02:20:44 UTC
File Type:
Binary (Archive)
Extracted files:
294
AV detection:
18 of 30 (60.00%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=y5lad523autjocsht44uzzhdjjekp2ann3mfug7qsyr7ut2ceowa._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

z c75601f75b0526970a479f394ce4e34a48a7e80d6ed85a1bf09623fa4f4223ac

(this sample)

AgentTesla

Executable exe 5d97739cc97650cf14df06ced175d0afd42d789b232bbbcaac1ca2b6eb65a99d

  
Dropping
MD5 b1727f06a7f1bb306f789023143aa236
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 5d97739cc97650cf14df06ced175d0afd42d789b232bbbcaac1ca2b6eb65a99d

Comments