MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cf0e3446c32bf34a2b616106e1bf6ee2e03114748ed731f77da881fa6b91fa74. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: cf0e3446c32bf34a2b616106e1bf6ee2e03114748ed731f77da881fa6b91fa74
SHA3-384 hash: 94f847583c4e98b8f16d934c6b4b1590ab224c7f20e4a8269dad0afe415ce9c34848134d2adbc3e25886e3923432a7f5
SHA1 hash: 62d26c9066c3a6fd18f72292579c4c3bc51166bf
MD5 hash: 22a10bee8417c5e0553808bbeb3fef67
humanhash: twelve-zulu-cup-ten
File name:Payment swift 000.247.pdf.xz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:972'178 bytes
First seen:2020-05-13 10:07:34 UTC
Last seen:Never
File type: xz
MIME type:application/x-rar
ssdeep 24576:PSYbAIvdxfOCCr8uVEk34OT5AlS7tFY0g9M:PSOAuG3vOs5ftYO
TLSH C7253328DFDAC2E62A54A07417CFEA26614B74443C7DBE9B57198A24E3045C8CF4FFA4
Reporter abuse_ch
Tags:AgentTesla xz


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: srv2.servermada.com
Sending IP: 217.16.8.144
From: Masum-ACS-BD <masum@acsnets.com.bd>
Reply-To: uwalchevrolet218@gmail.com
Subject: RE:Payment Advise
Attachment: Payment swift 000.247.pdf.xz (contains "Payment swift 000.247.pdf.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
80
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-13 10:36:57 UTC
File Type:
Binary (Archive)
Extracted files:
12
AV detection:
23 of 48 (47.92%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=z4hdirwdfpzuuk3bmedodp3o4lqdcfdur3ltd535vca7u24r7j2a._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

xz cf0e3446c32bf34a2b616106e1bf6ee2e03114748ed731f77da881fa6b91fa74

(this sample)

AgentTesla

Executable exe bb959cf2808c00dbce35074844165d736f50f2b0ca81ac56b7818dc7d60c5dd0

  
Dropping
MD5 f68cd3880c9f58b1f10ce6d7dcfa1cc5
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 bb959cf2808c00dbce35074844165d736f50f2b0ca81ac56b7818dc7d60c5dd0

Comments