MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 27474c990ba223ff89d638c91e706f1b50c607c58bef7efef185efea85e7dd20. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 4



SHA256 hash: 27474c990ba223ff89d638c91e706f1b50c607c58bef7efef185efea85e7dd20
SHA3-384 hash: 3a5d85855cbc6635db18849f570d7ec7320956fc0df5291aa547661f474371e43095be7de515d82f206b16be1b97396a
SHA1 hash: 52e6b42d0866ce6f8ab728e7d56912017deca760
MD5 hash: bf8e7e5d40a1cdb1c277efde53a43954
humanhash: saturn-purple-pizza-video
File name: Accounting voucher display doc_pdf.cab
Signature: AgentTesla
File size: 574'561 bytes
First seen: 2021-03-31 06:44:30 UTC
Last seen: Never
File type: cab
MIME type: application/vnd.ms-cab-compressed
ssdeep: 12288:R61fSIq4/eCD0FvuIOpC/TBrLBDZxr1oFGFkts0xe4XLJ66b+:RISIqSxgzhRx+GF+sye47J6y+
TLSH: 88C423BBA8879368D95739FD6B4BC3302FBF145A351E6DD1843460B0F9A24CACE46724
Reporter: abuse_ch
Tags: cab


abuse_ch
Malspam distributing unidentified malware:

HELO: slot0.inebenthe.com
Sending IP: 185.121.120.169
From: "Sherin Cherian" <postmaster@inebenthe.com>
Subject: RE: Update:: Pending Payment
Attachment: Accounting voucher display doc_pdf.cab (contains "Accounting voucher display doc_pdf.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 103
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Threat name: ByteCode-MSIL.Trojan.ZmutzyPong
Status: Malicious
First seen: 2021-03-31 06:45:06 UTC
AV detection: 11 of 47 (23.40%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

cab 27474c990ba223ff89d638c91e706f1b50c607c58bef7efef185efea85e7dd20 (this sample)

Delivery method: Distributed via e-mail attachment
