MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7658cda0cb9aeca859ce59fef2cd90bc2a43064b6c40b8f7271b183c49ad70fe. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3



SHA256 hash: 7658cda0cb9aeca859ce59fef2cd90bc2a43064b6c40b8f7271b183c49ad70fe
SHA3-384 hash: d2ab6bf294380c166e3e8ea98f216ed6e6d202599445a925fefa844fe3d3f0c09c4bac7cbd21e67f7b39fe1d7f17d167
SHA1 hash: fedc9998a0510918e82a777ec3cbafd06a1c4d1d
MD5 hash: 2a7bc397a7a536fe2324a000ab1c831a
humanhash: green-cat-five-king
File name: 0009094009000900.z
Signature: AgentTesla
File size: 411'900 bytes
First seen: 2020-07-09 18:36:00 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:B2NUjGqUMKC5S+VAFHvF0Wrh9PkJ4aawd6LOXZ52aOh:UNnMB5S+VeP98P52aOh
TLSH: 139423D66D22087B3E8C0B543FBF6998748A036DDD70F4213818E6D847736EA9A53D8C
Reporter: abuse_ch
Tags: AgentTesla z


abuse_ch
Malspam distributing AgentTesla:

HELO: nbccomputapes.com
Sending IP: 185.222.57.210
From: sales@nbccomputapes.com
Subject: PO_4130000679_1593759364 / FACTURAS
Attachment: 0009094009000900.z (contains "0009094009000900.exe")

AgentTesla SMTP exfil server:
mail.ereglitso.org.tr:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 76
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Zmutzy
Status: Malicious
First seen: 2020-07-09 18:37:04 UTC
AV detection: 8 of 48 (16.67%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 7658cda0cb9aeca859ce59fef2cd90bc2a43064b6c40b8f7271b183c49ad70fe

(this sample)

  
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
