MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 47a3b1591f760aea28867794472b94e8c56f484144a24d5b626dab4c5ff7cace. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 47a3b1591f760aea28867794472b94e8c56f484144a24d5b626dab4c5ff7cace
SHA3-384 hash: 81467f5766e364f990d13e50b819a0a87083a847c53d511af9a35cf9768272b429e1fe82f4fcd7446c76c11ced63b8a4
SHA1 hash: 958ddcafa1c6391fd43f78b2c7713cf67d3e91a8
MD5 hash: c020a10860d270a665b46c10fb9e3c4a
humanhash: maryland-high-georgia-fillet
File name:orden de compra.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:532'244 bytes
First seen:2020-07-10 17:36:42 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:OXY8F5jupsrp7uxwcfJ2Q2M9GWmP4TLXicNCpLnj5a:MY8F5upYQuQOYOckp7j5a
TLSH ADB42310EE459A946F1A7053B8473043BEB76387A2FCBDFB5FC496A119BF39D4690088
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: jazz.webserverns.com
Sending IP: 173.237.189.171
From: Ariel Natale <anatale@motomec.com.ar>
Subject: Re: Re: orden de compra
Attachment: orden de compra.zip (contains "orden de compra.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
73
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Zmutzy.41.15377.9219.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/47a3b1591f760aea28867794472b94e8c56f484144a24d5b626dab4c5ff7cace/
Threat name:
Win32.Trojan.Zmutzy
Create hunting rule
Status:
Malicious
First seen:
2020-07-10 17:38:06 UTC
AV detection:
3 of 48 (6.25%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=i6r3cwi7oyfoukego6keok4u5dcw6scbisre2w3cnwvuyx7xzlha._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 47a3b1591f760aea28867794472b94e8c56f484144a24d5b626dab4c5ff7cace

(this sample)

AgentTesla

Executable exe 81fd4490cd810f93366708b6f01f7272aa7bc2d6dda02219d18b18b07cda3f4b

  
Dropping
MD5 099b094ce457dba6522ceafaed6ad0f1
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 81fd4490cd810f93366708b6f01f7272aa7bc2d6dda02219d18b18b07cda3f4b

Comments