MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 76e9308a21b0dde26333fd57ac54197994a60307c7437929378e0652a18034a3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 4



SHA256 hash: 76e9308a21b0dde26333fd57ac54197994a60307c7437929378e0652a18034a3
SHA3-384 hash: 8e203680876264b5c732f22beec9d4139aedea9286ed39303c9b10face9528beb306b34635db8bd4b2557d2bedb33b22
SHA1 hash: 3eb8fe112895e3b7474d14d82acd74f56492e6e1
MD5 hash: f4f062343274b0e75c78da1b64014005
humanhash: minnesota-illinois-twelve-hawaii
File name: MT CAPE AZALEA V219 PENAVICO 13-10-20.cab
Signature: AgentTesla
File size: 638'050 bytes
First seen: 2021-04-07 06:01:04 UTC
Last seen: Never
File type: cab
MIME type: application/vnd.ms-cab-compressed
ssdeep: 12288:8gm7jQE+PwohpKYOiS3KLkrL41RtiM6ltLkhNV5BEoAo:9m7jERpKYOD3KYw1RYM6lANVPko
TLSH: 41D423BB8DA1050C47DE2E6D86B3655197F129C9CF45FD27A802FD7C03CA68899B22C3
Reporter: abuse_ch
Tags: cab


abuse_ch
Malspam distributing unidentified malware:

HELO: hp0.305.gvuwx.ga
Sending IP: 138.197.194.207
From: "AENAV - Operations" <operation@aenav.com>
Subject: M/T CAPE AZALEA V219 PENAVICO 13-10-20 / Expenses
Attachment: MT CAPE AZALEA V219 PENAVICO 13-10-20.cab (contains "MT CAPE AZALEA V219 PENAVICO 13-10-20.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 135
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: UNKNOWN
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2021-04-07 04:32:20 UTC
AV detection: 2 of 48 (4.17%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

cab 76e9308a21b0dde26333fd57ac54197994a60307c7437929378e0652a18034a3 (this sample)

  
Delivery method: Distributed via e-mail attachment

Comments