MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 686328974221fd1380abec0d7474713fbf8c931a3a325c75ff79935c9fd61d90. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 686328974221fd1380abec0d7474713fbf8c931a3a325c75ff79935c9fd61d90
SHA3-384 hash: 2ce2403c5073d6ac59ed2bc3812101023a3a8b077fb793b068d0a2938826adf4a045abc2eff8edb933c21d3929bf0557
SHA1 hash: 3e5dfc62659d0db240910661b2be3aa678385135
MD5 hash: b9d73db4e9b2589e5daea2bf1f543fdd
humanhash: echo-mars-nine-mississippi
File name:Shipping Document_pdf.gz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:578'891 bytes
First seen:2020-11-10 09:36:19 UTC
Last seen:Never
File type: gz
MIME type:application/gzip
ssdeep 12288:38ueKb83uUTOpiAax3J+i9P3EslsdFN0TTrAPxs0/cmmZ:38+83u+y43o4P3xlsdFNUd0vy
TLSH 68C4233A2536F6763CA3EA5EE416B6D086FC9984BC537F73545800AC1F6B29687B0E40
Reporter cocaman
Tags:AgentTesla gz


Avatar
cocaman
Malicious email (T1566.001)
From: "COSCO SHIPPING INC <support@coscoexpress.com>" (likely spoofed)
Received: "from svr01.soapmedia.co.uk (svr01.soapmedia.co.uk [83.223.113.93]) "
Date: "Tue, 10 Nov 2020 09:33:15 +0000"
Subject: "ORIGINAL B/L DOCUMENT / PL"
Attachment: "Shipping Document_pdf.gz"

Intelligence

File Origin
# of uploads :
1
# of downloads :
80
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27383.GZipHeur.UNOFFICIAL
Create hunting rule

PUA.Win.Exploit.CVE_2012_1461-1
Create hunting rule

Result
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/686328974221fd1380abec0d7474713fbf8c931a3a325c75ff79935c9fd61d90/
Threat name:
Win32.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-11-10 08:51:33 UTC
File Type:
Binary (Archive)
Extracted files:
18
AV detection:
23 of 29 (79.31%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=nbrsrf2ceh6rhafl5qgxi5drh67yzey2hizfy5p7pgjvzh6wdwia._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz 686328974221fd1380abec0d7474713fbf8c931a3a325c75ff79935c9fd61d90

(this sample)

AgentTesla

Executable exe 938f2bb4ae9732027302ba4fb2b0c77a15fe7dcd0a25696b307abb812b58ae17

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 938f2bb4ae9732027302ba4fb2b0c77a15fe7dcd0a25696b307abb812b58ae17
  
Dropping
AgentTesla

Comments