MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 62785df3fc31338b6d62b8d46b692a15712d95960f15f3fee2282e9e24e698e8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 62785df3fc31338b6d62b8d46b692a15712d95960f15f3fee2282e9e24e698e8
SHA3-384 hash: 44d2d6671bcf97875a115aa369535fdf6638d7f751129f6995476a4be80788e15a84c585c741d34055f398aa925d139d
SHA1 hash: b1410583653008e8eb00a4bd83889df53a6c72c2
MD5 hash: c67feddbf3814b4177a796455261e706
humanhash: september-hot-fix-six
File name:NEW ORDER COPY.PDF.z
Download: download sample
Signature AgentTesla
Create hunting rule
File size:526'789 bytes
First seen:2020-08-06 05:19:26 UTC
Last seen:Never
File type: z
MIME type:application/x-rar
ssdeep 12288:8BvsZNGw380/gttL3mf9hEP6ruaj1rOJofLrpiMTdlC:8BvsZNGwM0+t7mfr0TaxrOELlZdk
TLSH C0B43387619DE3223D6DC82C191C0A4151A5B5C8049BCC879A9EB957FF2B03EF0DBE8D
Reporter abuse_ch
Tags:AgentTesla z


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: biz.vnpt.vn
Sending IP: 37.48.83.10
From: Acount Director <kieu.lt@biz.vnpt.vn>
Subject: 回复:NEW ORDER
Attachment: NEW ORDER COPY.PDF.z (contains "NEW ORDER COPY.PDF.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
63
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/62785df3fc31338b6d62b8d46b692a15712d95960f15f3fee2282e9e24e698e8/
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-08-06 05:21:05 UTC
AV detection:
7 of 48 (14.58%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=mj4f3474gezyw3lcxdkgw2jkcvys3fmwb4k7h7xcfaxj4jhgtdua._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/62785df3fc31338b6d62b8d46b692a15712d95960f15f3fee2282e9e24e698e8

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

z 62785df3fc31338b6d62b8d46b692a15712d95960f15f3fee2282e9e24e698e8

(this sample)

AgentTesla

Executable exe d3da8a5db05b801ccfadb4d396327f9bc10b616ac2cc89f197552a23f7044dee

  
Dropping
MD5 c1c235511a22b3dfafa9968716b05395
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 d3da8a5db05b801ccfadb4d396327f9bc10b616ac2cc89f197552a23f7044dee

Comments