MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 95fa4b042c5edb3c62969857658b8a86a710c0ab1c1b10a676aa7ab3cb2f3ceb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 4



SHA256 hash: 95fa4b042c5edb3c62969857658b8a86a710c0ab1c1b10a676aa7ab3cb2f3ceb
SHA3-384 hash: c673097e3125d9e71217fe99ca7d8acec61e6f257c9e851ec25daa3a63a1bc53920e55bdb979fd100681500ccbecb1ed
SHA1 hash: b999d35ed1472bb36894ae771ca4c6e719716d8c
MD5 hash: 69e21d188c679bde51c9498169d1a19f
humanhash: quebec-tango-july-chicken
File name: PO 4300000379.zip
Signature: AgentTesla
File size: 923'410 bytes
First seen: 2020-10-12 05:56:00 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 24576:WqpaSP89LO8EcJ0wiDV3xhnlw5Hv0sLOplU+w9/9o3wPaHi/Jm:dW9amJ0DDpaZNOjMHo3Hi/M
TLSH: 3115237728DFC959E0461CEBA7A366948935B843AB5BC0E860DDB08439230839F5F7C7
Reporter: abuse_ch
Tags: AgentTesla, zip


abuse_ch
Malspam distributing unidentified malware:

HELO: tassgroup.com
Sending IP: 103.99.1.146
From: PURCHASE DEP<vsb@tassgroup.com>
Subject: Re: Invoice & Packing List
Attachment: PO 4300000379.zip (contains "PO# 4300000379.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 68
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Perseus
Status: Malicious
First seen: 2020-10-12 01:02:56 UTC
AV detection: 18 of 48 (37.50%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam, AgentTesla, zip 95fa4b042c5edb3c62969857658b8a86a710c0ab1c1b10a676aa7ab3cb2f3ceb (this sample)

Delivery method: Distributed via e-mail attachment
