MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e483a5db130d36b8394c492a78f8a275858118d6f776bd669d7dcc5ea17c8035. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 10

Intelligence 10 IOCs YARA 12 File information Comments

SHA256 hash:	e483a5db130d36b8394c492a78f8a275858118d6f776bd669d7dcc5ea17c8035
SHA3-384 hash:	02173d1ae83812c7cd10822c3d8a04baab765d8196d4cd4fc56703b2a3540a3a0e18dbd7f746529f03997bd660953573
SHA1 hash:	3375cd86dd4b462825a1a1363c2615d5428feed1
MD5 hash:	7557881164c3d2b5ab5cf563dba1565d
humanhash:	michigan-failed-mockingbird-bravo
File name:	PBC_YD10_INV8035360426.zip
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	806'921 bytes
First seen:	2025-11-14 14:37:14 UTC
Last seen:	Never
File type:	zip
MIME type:	application/zip
ssdeep	24576:BKz8avNpv47F3ZDChyuyV0eBXWRY02YW2rqsx+CgcQe:BIHvUshyuyV0kwXZG7de
TLSH	T1AD05232BA093C6A439785E81E1EFD8A93CE5F449A9B7413CF9A1DB13361422CD5C261F
Magika	zip
Reporter	cocaman
Tags:	AgentTesla payment zip

cocaman

Malicious email (T1566.001)
From: "Michaela Sussmann <Michaela.Sussmann@kml-technology.com>" (likely spoofed)
Received: "from kml-technology.com (unknown [178.16.54.239]) "
Date: "13 Nov 2025 09:53:13 -0800"
Subject: "RE: Release Payment Against SA // 1875- Returning goods to ABE "
Attachment: "PBC_YD10_INV8035360426.zip"

Intelligence

File Origin

# of uploads :

# of downloads :

119

Origin country :

File Archive Information

This file archive contains 2 file(s), sorted by their relevance:

File name:	32512
File size:	20 bytes
SHA256 hash:	c3e6d6a2785be894fffa5905c4d260b9491e55f83f1606692013e0dfe836f082
MD5 hash:	fab67c91352ce00ee4cde14367b41c7c
MIME type:	application/octet-stream
Signature	AgentTesla

File name:	PBC_YD10_INV8035360426.scr
File size:	848'392 bytes
SHA256 hash:	4db74bcb0e687cf5e5ab70c1fe0775e84e06a37012a00eabf66cb55e5c920f23
MD5 hash:	25ba5db8d6d66fcac4c0362251d0615b
MIME type:	application/x-dosexec
Signature	AgentTesla

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Zip.SCR-1.UNOFFICIAL

Verdict:

Malicious

Score:

94.9%

Link:

https://cyber-fortress.com/docs/result/index.php?id=6915e4b4434cd67b17c0d957

Tags:

micro spawn shell lien

Result

Verdict:

Malicious

File Type:

PE File

Link:

https://app.docguard.net/e483a5db130d36b8394c492a78f8a275858118d6f776bd669d7dcc5ea17c8035/results/dashboard

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

expired-cert invalid-signature obfuscated obfuscated packed signed

Link:

https://www.filescan.io/uploads/69173e9fc572b1bd5c8823d0/reports/f94dba56-81f9-43ac-ba20-0d6bccf7204e/overview

Verdict:

Unknown

Link:

https://www.hybrid-analysis.com/sample/e483a5db130d36b8394c492a78f8a275858118d6f776bd669d7dcc5ea17c8035

Verdict:

Malicious

File Type:

zip

First seen:

2025-11-13T01:50:00Z UTC

Last seen:

2025-11-16T05:36:00Z UTC

Hits:

~100

Link:

https://opentip.kaspersky.com/e483a5db130d36b8394c492a78f8a275858118d6f776bd669d7dcc5ea17c8035/results?tab=lookup

Score:

99%

Verdict:

Malware

File Type:

Result

Malware family:

agenttesla

Score:

10/10

Tags:

family:agenttesla discovery execution keylogger persistence spyware stealer trojan

Link:

https://tria.ge/reports/251114-sh295sdk2t/

Behaviour

Scheduled Task/Job: Scheduled Task

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Suspicious use of SetThreadContext

Checks computer location settings

Executes dropped EXE

Command and Scripting Interpreter: PowerShell

AgentTesla

Agenttesla family

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/e483a5db130d36b8394c492a78f8a275858118d6f776bd669d7dcc5ea17c8035

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	INDICATOR_KB_CERT_7c1118cbbadc95da3752c46e47a27438 Create hunting rule
Author:	ditekSHen
Description:	Detects executables signed with stolen, revoked or invalid certificates

Rule name:	NET Create hunting rule
Author:	malware-lu

Rule name:	NETexecutableMicrosoft Create hunting rule
Author:	malware-lu

Rule name:	PE_Digital_Certificate Create hunting rule
Author:	albertzsigovits

Rule name:	pe_imphash Create hunting rule

Rule name:	Skystars_Malware_Imphash Create hunting rule
Author:	Skystars LightDefender
Description:	imphash

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip e483a5db130d36b8394c492a78f8a275858118d6f776bd669d7dcc5ea17c8035

(this sample)

AgentTesla

exe 4db74bcb0e687cf5e5ab70c1fe0775e84e06a37012a00eabf66cb55e5c920f23

Delivery method

Distributed via e-mail attachment

Dropping

SHA256 4db74bcb0e687cf5e5ab70c1fe0775e84e06a37012a00eabf66cb55e5c920f23

Dropping

AgentTesla

Dropping

MD5 25ba5db8d6d66fcac4c0362251d0615b

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample