MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cd68a6f441658a254c3346445af4a8e36dc7142173723f3c0569c2768cca72d8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 4

SHA256 hash: cd68a6f441658a254c3346445af4a8e36dc7142173723f3c0569c2768cca72d8
SHA3-384 hash: d1aacfb2ceccd2d1ab6c3b3135207e7512dbff92ae4c2c19ac84613ed7f663dc0f0bf5380cb0f39916f442285a214bd3
SHA1 hash: 79dd123c9479cf5fb6d0368568613b215999031c
MD5 hash: 49525fefb5fcd72343489fc6ec404bf9
humanhash: london-neptune-nitrogen-don
File name: Revised invoice.pdf.gz.gz
Download: download sample
Signature: AgentTesla
File size: 526'485 bytes
First seen: 2021-03-20 06:39:14 UTC
Last seen: 2021-03-20 09:06:13 UTC
File type: gz
MIME type: application/x-rar
ssdeep: 12288:3GUyQk3jof96Y+A845msSsBMr49FWqTM0pAYkAUmM:Jlk3S9HD84c3sA4aqo0pljUmM
TLSH: 21B4231D11B7B8A1343B73962B5286FD3ECE511E85DA988EDAC04B1FEC04FA89D15D23
Reporter: cocaman
Tags: AgentTesla gz INVOICE


cocaman
Malicious email (T1566.001)
From: "Brandon Mandelbaum <doctacionanm@agnamex.com.mx>" (likely spoofed)
Received: "from diossa.com.mx (u21557617.onlinehome-server.com [198.251.79.161]) "
Date: "Fri, 19 Mar 2021 05:03:30 -0700"
Subject: "Aviso de pago - Ref. Aviso[G1117599144] / Pago prioritario.#"
Attachment: "Revised invoice.pdf.gz.gz"

Intelligence

File Origin
# of uploads: 2
# of downloads: 260
Origin country: n/a

Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: ByteCode-MSIL.Trojan.Pwsx
Status: Malicious
First seen: 2021-03-20 02:52:20 UTC
File Type: Binary (Archive)
Extracted files: 9
AV detection: 15 of 47 (31.91%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  AgentTesla
  gz cd68a6f441658a254c3346445af4a8e36dc7142173723f3c0569c2768cca72d8 (this sample)

Delivery method: Distributed via e-mail attachment
Dropping: AgentTesla

Comments