MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 477b21660b3ecaf3a5822b9c46a8b0790755b7506c6ea1933177cd82bcf440ef. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 477b21660b3ecaf3a5822b9c46a8b0790755b7506c6ea1933177cd82bcf440ef
SHA3-384 hash: 9f73fc95bb3153433628a7607cf6045e8c26e42238d793e2980a6170a6ba69ee08559f2202d03bb3b46824823efd220b
SHA1 hash: 5ce6fb416c6ff1b2f25315fc20aed00ef06c367b
MD5 hash: 425d2299a175933b983b6b48b35113f8
humanhash: lemon-quiet-maryland-video
File name: INVOICE.zip
Signature: AgentTesla
File size: 391'441 bytes
First seen: 2020-06-30 08:53:52 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:N0vZaY7X5ytG+8bAsu4kvFVKc0nguR9PEiPZd3+2Z:N0v77aG+rs6FVKdPZdO2Z
TLSH: E584234ACFD5900EF19A14BE041041C8AFE80E7E11E9765BEE2763BFDFB754086925E2
Reporter: @abuse_ch
Tags: AgentTesla, zip


Twitter (@abuse_ch):
Malspam distributing AgentTesla:

HELO: hwsrv-743240.hostwindsdns.com
Sending IP: 104.168.133.192
From: Hassan <infouae@igitgroup.org>
Subject: Find attached our order sheet
Attachment: INVOICE.zip (contains "INVOICE.exe")

AgentTesla SMTP exfil server:
smtp.ionos.es:587

Intelligence


Mail intelligence
Trap location: Global
Impact: Low
# of uploads: 1
# of downloads: 25
Origin country: US

ClamAV: SecuriteInfo.com.Generic-EXE.UNOFFICIAL; Sanesecurity.Malware.22125.ZipHeur.UNOFFICIAL

CERT.PL MWDB Detection: n/a
Link: https://mwdb.cert.pl/sample/477b21660b3ecaf3a5822b9c46a8b0790755b7506c6ea1933177cd82bcf440ef/

ReversingLabs
Status: Malicious
Threat name: Win32.Trojan.Zmutzy
First seen: 2020-06-30 08:55:06 UTC
AV detection: 9 of 48 (18.75%)
Threat level: 5/5

Spamhaus Hash Blocklist: Malicious file
VirusTotal: 16.92%

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
AgentTesla
zip 477b21660b3ecaf3a5822b9c46a8b0790755b7506c6ea1933177cd82bcf440ef (this sample)
Dropping AgentTesla
Delivery method: Distributed via e-mail attachment

Comments