MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 49b1597be52007755897ec207af1f1860ac70c9765b5bad05b690d980bb4096b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 49b1597be52007755897ec207af1f1860ac70c9765b5bad05b690d980bb4096b
SHA3-384 hash: c0469f0f5c161b6ca87d345b594fb2c0a3c2f374303eee9c29dd1ebecbd3445485cedc4113cc6a8b8e06a912822efd13
SHA1 hash: e9e827b99ed3defe33922973e4bc7f1235ac7d4f
MD5 hash: 4889c6c7da164420213204cf57029e06
humanhash: july-zulu-vermont-lion
File name:proforma invoice.z
Download: download sample
Signature AgentTesla
Create hunting rule
File size:514'628 bytes
First seen:2020-11-26 10:30:52 UTC
Last seen:2020-11-27 06:48:08 UTC
File type: z
MIME type:application/x-rar
ssdeep 12288:JtOg6m9P03vnlVa/VibFjOmVXoWDXI/2IoFDT3hJMEm:2/lVati5jXFDXI/0xTw
TLSH 87B423B2CB5DF87E18F904C7992A089314E9FEB5BD5024EA1A09676F8AF0C8B4775490
Reporter cocaman
Tags:AgentTesla z


Avatar
cocaman
Malicious email (T1566.001)
From: "Jang<info@indoconindia.com>" (likely spoofed)
Received: "from indoconindia.com (unknown [92.118.190.190]) "
Date: "27 Nov 2020 07:36:14 +0100"
Subject: "PROFORMA INVOICE!"
Attachment: "proforma invoice.z"

Intelligence

File Origin
# of uploads :
8
# of downloads :
119
Origin country :
n/a
Vendor Threat Intelligence
Result
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/49b1597be52007755897ec207af1f1860ac70c9765b5bad05b690d980bb4096b/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2020-11-26 10:31:04 UTC
File Type:
Binary (Archive)
Extracted files:
13
AV detection:
8 of 48 (16.67%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=jgyvs67feadxkwex5qqhv4prqyfmodexmw23vuc3negzqc5ubfvq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

z 49b1597be52007755897ec207af1f1860ac70c9765b5bad05b690d980bb4096b

(this sample)

AgentTesla

Executable exe eed9c06050ec45f480528543bba5e3176158763beda21f62220bde77f0bdeb3e

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 eed9c06050ec45f480528543bba5e3176158763beda21f62220bde77f0bdeb3e
  
Dropping
AgentTesla

Comments