MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4e7e065a0184b672999d00717e449f1e28aeb66eec736a3c25ad1f8c39f3449f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 5



SHA256 hash: 4e7e065a0184b672999d00717e449f1e28aeb66eec736a3c25ad1f8c39f3449f
SHA3-384 hash: d20ec9be26ebb7e728691f17e7f890526a383a30efd7b01ef103291cf35ff99ea28decbc04cf6735c411d9097177c33b
SHA1 hash: 6fdbe1423f1cb47aba9a36fb1d9bd8980b9610e3
MD5 hash: df9cee4a92259374135599ea072c0de0
humanhash: crazy-solar-nebraska-artist
File name: BFQweIde5A03Cll payment PDF.zip
Signature: AgentTesla
File size: 1'006'690 bytes
First seen: 2021-02-05 05:52:20 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:HXjbCMzg8sWyGgU12ynGLjXR/IlMJiIRGWqm/j2CkDsQ2Jl1wydXzbvjq85ETbW/:HXjjgZQVdGZKreGECCkg7bSydXD5E/nm
TLSH: 5625339A5E3F584B09152FABE3030F487AA770743D15AACAD12617B34E12DEFC8674C9
Reporter: cocaman
Tags: AgentTesla zip


cocaman
Malicious email (T1566.001)
From: "reservas@marthadumicevt.com" (likely spoofed)
Received: "from marthadumicevt.com (unknown [185.136.169.127]) "
Date: "04 Feb 2021 08:52:44 -0800"
Subject: "OUTSTANDING PAYMENT SINCE LOCKDOWN "
Attachment: "BFQweIde5A03Cll payment PDF.zip"

Intelligence


File Origin
# of uploads: 1
# of downloads: 123
Origin country: n/a

Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: ByteCode-MSIL.Trojan.Avemariarat
Status: Malicious
First seen: 2021-02-04 21:02:45 UTC
File Type: Binary (Archive)
Extracted files: 37
AV detection: 21 of 29 (72.41%)
Threat level: 5/5

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  AgentTesla
    zip 4e7e065a0184b672999d00717e449f1e28aeb66eec736a3c25ad1f8c39f3449f (this sample)

Delivery method: Distributed via e-mail attachment
Dropping: AgentTesla

Comments