MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 c582997af56bda27246a449d31cddd30b76b52d63a9bd71468aa60599cdaaf0a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
AgentTesla
Vendor detections: 6
| SHA256 hash: | c582997af56bda27246a449d31cddd30b76b52d63a9bd71468aa60599cdaaf0a |
|---|---|
| SHA3-384 hash: | 062a06375c1ee3f14cb1fdb478501bb9efc8bf86daa0c789eaa2b530a8b32c035160c607ac19c405be72a5eb17b590c3 |
| SHA1 hash: | 2b13b563601bb0288cfa136c9ed547e3b0ec4ef8 |
| MD5 hash: | 1077cdba6e5a75d3ce2a38ee74aa8f7a |
| humanhash: | sink-massachusetts-edward-blue |
| File name: | invoice.z |
| Signature | AgentTesla |
| File size: | 270'137 bytes |
| First seen: | 2022-10-31 15:27:42 UTC |
| Last seen: | Never |
| File type: | z |
| MIME type: | application/x-rar |
| ssdeep | 6144:64L7AoNycSMlq6/DbJiHhD4ptT4FC/2b6eg/mXqI/OaDEY:FAEyIf8DktlU61/YqI/OM |
| TLSH | T1364423F7C035B734DFE62C781849D771A31F56D40350D5E6AEA40606E89CE0E3A96A63 |
| TrID | 61.5% (.RAR) RAR compressed archive (v5.0) (8000/1) 38.4% (.RAR) RAR compressed archive (gen) (5000/1) |
| Reporter | cocaman |
| Tags: | AgentTesla INVOICE QUOTATION z |
Malicious email (T1566.001)
From: "alibarrymd@gmail.com" (likely spoofed)
Received: "from one.beracacode.info (beracacode.info [74.208.25.42]) "
Date: "Mon, 31 Oct 2022 14:58:01 +0100"
Subject: "RE: POLITE REMINDER FOR QUOTATION REQUEST"
Attachment: "invoice.z"
Intelligence
File Origin
| # of uploads: | 1 |
|---|---|
| # of downloads: | 234 |
| Origin country: | n/a |
File Archive Information
This file archive contains 3 file(s), sorted by their relevance:
| File name: | lwhpanbsqcc.q |
|---|---|
| File size: | 7'751 bytes |
| SHA256 hash: | d074785d93a9c6d35f4d6a74f3c126ded9d0838d8d3fd48da8e17e315908bc0f |
| MD5 hash: | a3e56828500ee9460f0d0a95729e108d |
| MIME type: | application/octet-stream |
| Signature | AgentTesla |
| File name: | gnkjqzftno.exe |
|---|---|
| File size: | 6'144 bytes |
| SHA256 hash: | d463ea06006b8bcb47b1af63a5aad98da58e6bd11015be488567c63f533852c7 |
| MD5 hash: | a629cefc7c973fdf6b6ee297ca2118b8 |
| MIME type: | application/x-dosexec |
| Signature | AgentTesla |
| File name: | zhrwlbqi.j |
|---|---|
| File size: | 302'080 bytes |
| SHA256 hash: | ff6abc23a37da8ea942586f424676358f0807036d17664a1e0d3c4ffb1c1143d |
| MD5 hash: | b5c3c0e794d565d7b5d9c45cfe995398 |
| MIME type: | application/octet-stream |
| Signature | AgentTesla |
Vendor Threat Intelligence
| Verdict: | Suspicious |
|---|---|
| Threat level: | 5/10 |
| Confidence: | 100% |
| Tags: | overlay packed shell32.dll |
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
| Threat name: | Win32.Trojan.AgentTesla |
|---|---|
| Status: | Malicious |
| First seen: | 2022-10-31 13:54:34 UTC |
| File Type: | Binary (Archive) |
| Extracted files: | 5 |
| AV detection: | 22 of 39 (56.41%) |
| Threat level: | 5/5 |
| Detection(s): | Malicious file |
Please note that we are no longer able to provide a coverage score for Virus Total.
| Threat name: | Malicious File |
|---|---|
| Score: | 0.98 |
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Malspam: AgentTesla
z c582997af56bda27246a449d31cddd30b76b52d63a9bd71468aa60599cdaaf0a (this sample)
Delivery method: Distributed via e-mail attachment
Dropping: AgentTesla