MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f4841b9b9006e327d58c8d6fb6e1bb3699d05fcd10fcaf7adcdde47efccb13b3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 1


Intelligence 1 IOCs YARA File information Comments 3
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f4841b9b9006e327d58c8d6fb6e1bb3699d05fcd10fcaf7adcdde47efccb13b3
SHA3-384 hash: 901d7b7264ecea4d9ff6ea2726766338afd0ecf911497cc5038b832c6e639b88eb81236d9fe44a8e6b2388cec104c890
SHA1 hash: 6251653f799a37322bcb7fdc6009eb1ef573b0cd
MD5 hash: a03e725a75fa9a2a28eae6bfc6cd085d
humanhash: ohio-idaho-twelve-aspen
File name:INVOICE (1).zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:527'287 bytes
First seen:2020-08-27 21:09:27 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:yjYult3PU4/qJfkUawsIRYF5P75AO96jRayiP85JB/:yPX0JcUawKDpEjRPi6B/
TLSH E4B4232C0741966FC383266E7A9CF1525E375D3587AEE0758DC3726F2912906FCC82BA
Reporter c_APT_ure
Tags:AgentTesla


Avatar
c_APT_ure
unknown password

unverified file details:

filename: 7vM8S5ANDakbWGy.exe
size: 579'072 bytes
date mod: 2020-08-27 11:03:22 (UTC+2 ??)

anyone have a hash or pwd for this?

Intelligence

File Origin
# of uploads :
1
# of downloads :
87
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Heur.16435.5387.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f4841b9b9006e327d58c8d6fb6e1bb3699d05fcd10fcaf7adcdde47efccb13b3/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/f4841b9b9006e327d58c8d6fb6e1bb3699d05fcd10fcaf7adcdde47efccb13b3

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip f4841b9b9006e327d58c8d6fb6e1bb3699d05fcd10fcaf7adcdde47efccb13b3

(this sample)

  
Delivery method
Distributed via e-mail attachment

Comments


Avatar
TomU | I'm still here... til the end commented on 2020-08-28 16:16:51 UTC

https://twitter.com/c_APT_ure/status/1299379723672354816

Thanks, I got it.

pwd is the filename of the exe within (w/o fileext.)
("7vM8S5ANDakbWGy")

#AgentTesla

https://virustotal.com/gui/file/be2bc33b9acb5b939bc7cba84521cda274380a09b4acbe6e9696b8183352b5e8/detection

Avatar
TomU | I'm still here... til the end commented on 2020-08-28 16:15:55 UTC

https://twitter.com/c_APT_ure/status/1299379723672354816

Avatar
TomU | I'm still here... til the end commented on 2020-08-27 21:13:07 UTC

https://www.virustotal.com/gui/file/f4841b9b9006e327d58c8d6fb6e1bb3699d05fcd10fcaf7adcdde47efccb13b3/details

FileType ZIP
FileTypeExtension zip
MIMEType application/zip
ZipBitFlag 0x0001
ZipCRC 0xe654fa2a
ZipCompressedSize 527079
ZipCompression Deflated
ZipFileName 7vM8S5ANDakbWGy.exe
ZipModifyDate 2020:08:27 10:03:22
ZipRequiredVersion 20
ZipUncompressedSize 579072