MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c4db699a3d679ce3e0a071b786ce2052fc010bdcb6cd079c84c9cc6ca36547c5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c4db699a3d679ce3e0a071b786ce2052fc010bdcb6cd079c84c9cc6ca36547c5
SHA3-384 hash: bd7d45118f4f72f85fcc17c5afc3ef2991fbe3c775f61b2c0ef073e7b467b7cec4706ecc5f16c76e6f6c7468d888a66e
SHA1 hash: 499360f69b28ba62c342da50049294a44c068952
MD5 hash: 1b725015740dafe67a4c5371a869a5c7
humanhash: sixteen-romeo-skylark-oven
File name:payment.pdf.z
Download: download sample
Signature AgentTesla
Create hunting rule
File size:552'286 bytes
First seen:2020-05-05 11:46:07 UTC
Last seen:Never
File type: z
MIME type:application/x-rar
ssdeep 12288:Tzl5Pfk+LFXJFFrYlcosiACzsei9AhJGQhhXfxfHdaQVPhX:Tz/HG+oGkhJGIxfHdaQVpX
TLSH 06C433E344DE1C56E82EF4B1F502212A8AF718E9BB413611DBCE6DE50B66070FDE6391
Reporter abuse_ch
Tags:AgentTesla z


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: sunshinespecialities.com
Sending IP: 156.96.45.195
From: Regional Sales Rep<MohammadFalasha@sunshinespecialities.com>
Subject: Fw: Re order payment
Attachment: payment.pdf.z (contains "payment.pdf.exe")

AgentTesla SMTP exfil server:
smtp.yandex.ru:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
90
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Occamy
Create hunting rule
Status:
Malicious
First seen:
2020-05-05 12:36:23 UTC
File Type:
Binary (Archive)
Extracted files:
2
AV detection:
16 of 31 (51.61%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ytnwtgr5m6oohyfaog3yntrakl6acc64w3gqpheezhggzi3fi7cq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

z c4db699a3d679ce3e0a071b786ce2052fc010bdcb6cd079c84c9cc6ca36547c5

(this sample)

AgentTesla

Executable exe 2cc751e49102e0247cf1504b1fff13a1f4d6c2c406a62c934b7316bd48972c2c

  
Dropping
MD5 cd9a89695a0b6893c886599d993cff55
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 2cc751e49102e0247cf1504b1fff13a1f4d6c2c406a62c934b7316bd48972c2c

Comments