MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 790a961951bf021e325e36f94fac4077f03186cb5f1bd0288c7acac94c3eae87. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 790a961951bf021e325e36f94fac4077f03186cb5f1bd0288c7acac94c3eae87
SHA3-384 hash: 1d8416598fcd95298fd7dd2ad8e578b1496c3772fabea41baaa01738edb41adcb301c14901d78e8ec4c76ed1bdbdc980
SHA1 hash: 15e656a95856310c37d1881f04d7c092dca9aafc
MD5 hash: 46dad8da11001f939bac81de70096071
humanhash: autumn-lemon-december-pennsylvania
File name:Transfer doc Returned message content.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:803'903 bytes
First seen:2020-10-13 07:53:45 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:ksmpAB/FKadntEXr9CYnKzHo37Ng1htq//MluLPQ6KcalCinEpDBnbEiGjEhBE7:ksmWePKzYNg0/GuL4GICYgDCtQXk
TLSH F50523D1824D23115DE347094A91E3DD8F9EADF1064FDB734B60882EFAF996B8478970
Reporter abuse_ch
Tags:AgentTesla Endurance zip


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: 162-144-100-85.unifiedlayer.com
Sending IP: 162.144.38.36
From: PAY-U INT'L <sales8@oxy99.in>
Reply-To: PAY-U INT'L <account_payu@f5.si>
Subject: PLEASE CONFIRM
Attachment: Transfer doc Returned message content.zip (contains "Transfer doc & Returned message content.pdf")

Intelligence

File Origin
# of uploads :
1
# of downloads :
95
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Inject4.3009.32419.7261.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/790a961951bf021e325e36f94fac4077f03186cb5f1bd0288c7acac94c3eae87/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2020-10-13 06:56:11 UTC
AV detection:
4 of 48 (8.33%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=pefjmgkrx4bb4ms6g34u7lcao7yddbwll4n5akemplfmstb6v2dq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.10
Link:
https://yomi.yoroi.company/submissions/790a961951bf021e325e36f94fac4077f03186cb5f1bd0288c7acac94c3eae87

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 790a961951bf021e325e36f94fac4077f03186cb5f1bd0288c7acac94c3eae87

(this sample)

AgentTesla

Executable exe dbae317e9d39fb5a987c2d0dc6d08c171615c0e9042f576ca4075ddda49fa515

  
Dropping
MD5 8d34c8d18970dc34affbe34bad0cb4f0
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 dbae317e9d39fb5a987c2d0dc6d08c171615c0e9042f576ca4075ddda49fa515

Comments