MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c490578314e3aa3b7b67cf18ef5e290aa8c506cd730c1a122c76f0b0a745a43f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c490578314e3aa3b7b67cf18ef5e290aa8c506cd730c1a122c76f0b0a745a43f
SHA3-384 hash: 8707ba2da9c49a4e4d1b7ac3912e244cc77b6dcde16302e2dd93e5a4e789cd8338cc3cb96cae0278359343793f791c08
SHA1 hash: 08fc733706bc22971eac0a38c7da64f74ca7cf61
MD5 hash: 2eac3c7b4afeb1537f88bebf79dc51a5
humanhash: undress-happy-speaker-india
File name:ScansPDF Purchase Order# PDF MARKLPO0520242024 & 147002024 PDF.uue
Download: download sample
Signature AgentTesla
Create hunting rule
File size:651'564 bytes
First seen:2024-06-21 09:21:30 UTC
Last seen:Never
File type: uue
MIME type:application/x-rar
ssdeep 12288:cBdfmbZB1lFD6BsxalZBF8SVXCMEO0gH3gvr3wGAJ6y7oyIUifXdF6RcBhz1:cBZm3J6Bs8tDV5QvjwbJ6y7oFUifXnBD
TLSH T1ADD42335F8C9520A24EBAF85318BC12D21CFB07235DA9C53F53D1DF6D992CA284ACA75
TrID 61.5% (.RAR) RAR compressed archive (v5.0) (8000/1)
38.4% (.RAR) RAR compressed archive (gen) (5000/1)
Reporter cocaman
Tags:AgentTesla uue


Avatar
cocaman
Malicious email (T1566.001)
From: "REEMA AGARWAL <lyra@ereapar.com>" (likely spoofed)
Received: "from ramen.ereapar.com (ramen.ereapar.com [194.169.172.197]) "
Date: "21 Jun 2024 09:20:30 +0200"
Subject: "Purchase Order# PDF MARK/L/PO/052024/2024 & 14700/2024-June/July"
Attachment: "ScansPDF Purchase Order# PDF MARKLPO0520242024 & 147002024 PDF.uue"

Intelligence

File Origin
# of uploads :
1
# of downloads :
95
Origin country :
CH CH
Vendor Threat Intelligence
Gathering data
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
masquerade packed
Link:
https://www.filescan.io/uploads/6675463d910ce98966fa4335/reports/a4f11dba-0819-4901-ab05-b3c65f3e90d3/overview
Verdict:
Malicious
Labled as:
Trojan.Generic
Link:
https://www.hybrid-analysis.com/sample/c490578314e3aa3b7b67cf18ef5e290aa8c506cd730c1a122c76f0b0a745a43f
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c490578314e3aa3b7b67cf18ef5e290aa8c506cd730c1a122c76f0b0a745a43f/
Threat name:
ByteCode-MSIL.Trojan.Zmutzy
Create hunting rule
Status:
Malicious
First seen:
2024-06-21 09:21:33 UTC
File Type:
Binary (Archive)
Extracted files:
35
AV detection:
15 of 38 (39.47%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ysifpayu4ovdw63hz4mo6xrjbkumkbwnomgbuermo3ylbj2fuq7q._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
0.90
Link:
https://yomi.yoroi.company/submissions/c490578314e3aa3b7b67cf18ef5e290aa8c506cd730c1a122c76f0b0a745a43f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

uue c490578314e3aa3b7b67cf18ef5e290aa8c506cd730c1a122c76f0b0a745a43f

(this sample)

AgentTesla

Executable exe 09e3e78eca5cf1f5474e8998e3f87f9268f127f77bf306443855a7ae5244e15c

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 09e3e78eca5cf1f5474e8998e3f87f9268f127f77bf306443855a7ae5244e15c
  
Dropping
AgentTesla
  
Dropping
MD5 27475ff31baf16cb03aba6ef7fbb9dc9

Comments