MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5b554d78706c952b64c4c99acd71dcb747d591567e6553f401b3e74e5ed06686. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5b554d78706c952b64c4c99acd71dcb747d591567e6553f401b3e74e5ed06686
SHA3-384 hash: e67b41904036b54200683ec2d1cf1133e70653cbbd91f6544bf2e57e73c0943c3631642a7ac33f03481b4e0a2ee98a94
SHA1 hash: 58a0059f5b525357c590db48a144b391d5a1bd88
MD5 hash: 26bb18c3f527adff08475878e6fdee73
humanhash: network-ceiling-utah-lake
File name:Document-Receipt.gz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:615'744 bytes
First seen:2020-08-12 18:08:15 UTC
Last seen:Never
File type: gz
MIME type:application/gzip
ssdeep 12288:45qmvUD48V6fJMqYzGVccWcsC67zm4MZaakVv0OsZhAI8lEjjOufb:4g0R+YMCMRQkV8VgiGwb
TLSH 1DD4238F904D49F771EBF2F046AF57B0B95EE8B4104611BCD8EE9839424AC0AD6813ED
Reporter abuse_ch
Tags:AgentTesla FedEx gz


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mail.sap-express.com
Sending IP: 103.31.132.106
From: FedEx Express <india@fedex.com>
Subject: FedEx Express Parcel Delivery//Notification
Attachment: Document-Receipt.gz (contains "Document-Receipt.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
59
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.RSharedStrings.27902.22751.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/5b554d78706c952b64c4c99acd71dcb747d591567e6553f401b3e74e5ed06686/
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-08-12 18:10:07 UTC
AV detection:
9 of 48 (18.75%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=lnku26dqnskswzgezgnm24o4w5d5lekwpzsvh5abwptu4xwqm2da._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/5b554d78706c952b64c4c99acd71dcb747d591567e6553f401b3e74e5ed06686

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz 5b554d78706c952b64c4c99acd71dcb747d591567e6553f401b3e74e5ed06686

(this sample)

AgentTesla

Executable exe 6587a13e1acc0297426512421aeb195fab4f3dec51c425b21dd8ee6f9972507f

  
Dropping
MD5 d70bde86bbdbd33d83332c12340933dc
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 6587a13e1acc0297426512421aeb195fab4f3dec51c425b21dd8ee6f9972507f

Comments