MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e190e518a11fb74bd318c998a70558443e9d897acdbee5f5dd2d4b836f063ada. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 4



SHA256 hash: e190e518a11fb74bd318c998a70558443e9d897acdbee5f5dd2d4b836f063ada
SHA3-384 hash: 1c3905c4d4776dd81f6e4455efa4c7238ad9bb292dab01355924ccfbc904204f13ebd8814a1f6ceda4703b69cda1538f
SHA1 hash: d4d433bb8db9d4223696cca0a3d01f81bac08bd7
MD5 hash: fa0c5e22cdc3256e5ebc6b3596a0d4c1
humanhash: solar-ceiling-diet-pluto
File name: INVOICE NO. PI30500111 PI30501121.zip
Signature: AgentTesla
File size: 197'977 bytes
First seen: 2020-10-15 11:41:58 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 3072:Sl3ejcSZvkym/KdnFMJGgu40/0mYhSP7qA/jtNszPBPa7LhbIp6KV2nQTovLK:JnsF/VT9OWSqALtNSFa3BIdXTovLK
TLSH: 8314129933BEE6324E12BB3F75F46059AD1625D45FB4D8502FFA8023E882723759206F
Reporter: abuse_ch
Tags: AgentTesla zip


abuse_ch
Malspam distributing AgentTesla:

HELO: mail.kosmoindustries.com
Sending IP: 170.130.183.38
From: PAVLIŠ a HARTMANN s.r.o. <info@kulmanorders.com>
Reply-To: PAVLIŠ a HARTMANN s.r.o. <logspass007@gmail.com>
Subject: PAVLIŠ a HARTMANN s.r.o. -INVOICE NO. PI30500111 & PI30501121
Attachment: INVOICE NO. PI30500111 PI30501121.zip (contains "PAVLIS a HARTMANN s.r.o.-INVOICE NO. PI30500111& PI30501121.exe")

AgentTesla SMTP exfil server:
mail.denafoam.com:587

AgentTesla SMTP exfil email address:
info@denafoam.com

Intelligence


File Origin
# of uploads: 1
# of downloads: 78
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2020-10-15 11:43:12 UTC
AV detection: 9 of 48 (18.75%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip e190e518a11fb74bd318c998a70558443e9d897acdbee5f5dd2d4b836f063ada (this sample)

Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
