MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 47059a1a51e2abdc01bd5c19826c992c01a9dc001c66b1b463ed7aeb44f62f1d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3



SHA256 hash: 47059a1a51e2abdc01bd5c19826c992c01a9dc001c66b1b463ed7aeb44f62f1d
SHA3-384 hash: 2cb55b62d49b7f941c52cda5a9318331db2b5752495c66e62c7ef06a57eefa5bdfec6b41ba30a4164126ef0a94c75383
SHA1 hash: 47449d863ca2c06b3f7321e6b3c83ab2c2785e6f
MD5 hash: 251a4ea81221e9f5e6f44d9b64726543
humanhash: apart-ohio-asparagus-november
File name: INV839.zip
Signature: AgentTesla
File size: 415'255 bytes
First seen: 2020-08-14 17:55:34 UTC
Last seen: 2020-08-17 21:25:36 UTC
File type: zip
MIME type: application/zip
ssdeep: 12288:39zE6JSxaLRtxRWPAUyf0gz07jvWVTBhNQWMH:NoqCAPI/zgY7TWVLNw
TLSH: 3F9423DB186859168B8DC6D9C860D9E6793AF3C2F24C6170DF80C6B65DD0FA0E50B1ED
Reporter: abuse_ch
Tags: AgentTesla, zip


abuse_ch
Malspam distributing AgentTesla:

From: sajid@emiratesstars.ae
Subject: RE:RE: INV839 Past due
Attachment: INV839.zip (contains "INV839.exe")

Intelligence


File Origin
# of uploads: 16
# of downloads: 69
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Spyware.Negasteal
Status: Malicious
First seen: 2020-08-14 17:51:55 UTC
File Type: Binary (Archive)
Extracted files: 5
AV detection: 23 of 29 (79.31%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 47059a1a51e2abdc01bd5c19826c992c01a9dc001c66b1b463ed7aeb44f62f1d

(this sample)

  
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
