MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 784a771a6c4bebd30e298277853632f485a14867a262295fe5dfd2c4087f6e97. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 784a771a6c4bebd30e298277853632f485a14867a262295fe5dfd2c4087f6e97
SHA3-384 hash: f8224afd1ac6ce56341c3d98c6cf48def031219232fcbb3df76575e977caa6613a11f6cb50543594271375cb32510700
SHA1 hash: d2eae0cf00efad230a38930df7eb035c8a5202fc
MD5 hash: bb7cc1b9dc1fe1028dd3bdcf230cfcfa
humanhash: equal-oregon-rugby-ohio
File name:TNT Express_xlxs.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:300'150 bytes
First seen:2020-12-16 06:37:51 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:AWzRMidZLlfpz5y7nIhzixxGo5YKQJKe1ke2WXwsQJSWD7fX/M7g:A6RMyZxfP0IhuxxGJKe+e2WXwB3fXx
TLSH 5E54231820121FA7C6D1DAB0CD942F178D68A146E557EA32BC5E098FE7DDA2C0F853F9
Reporter cocaman
Tags:AgentTesla zip


Avatar
cocaman
Malicious email (T1566.001)
From: "TNT<info@semshred.com>" (likely spoofed)
Received: "from semshred.com (unknown [23.108.57.65]) "
Date: "15 Dec 2020 15:42:30 -0800"
Subject: "Fwd: TNT Invoice: 07833955"
Attachment: "TNT Express_xlxs.zip"

Intelligence

File Origin
# of uploads :
1
# of downloads :
139
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.45026453.17966.4638.UNOFFICIAL
Create hunting rule

Result
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/784a771a6c4bebd30e298277853632f485a14867a262295fe5dfd2c4087f6e97/
Threat name:
Win32.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-12-16 00:19:30 UTC
File Type:
Binary (Archive)
Extracted files:
2
AV detection:
22 of 29 (75.86%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=pbfhogtmjpv5gdrjqj3yknrs6sc2csdhujrcsx7f37jmicd7n2lq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Wlock
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/784a771a6c4bebd30e298277853632f485a14867a262295fe5dfd2c4087f6e97

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 784a771a6c4bebd30e298277853632f485a14867a262295fe5dfd2c4087f6e97

(this sample)

AgentTesla

Executable exe 228fe441663bba29232efd41520bef1ab0d2edeed96e106526ba9193794eb394

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 228fe441663bba29232efd41520bef1ab0d2edeed96e106526ba9193794eb394
  
Dropping
AgentTesla

Comments