MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 803e4f7759e21b0d2c93f4e43e93e928cf0df1eac2da8ce3f4eded5be6102635. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3



SHA256 hash: 803e4f7759e21b0d2c93f4e43e93e928cf0df1eac2da8ce3f4eded5be6102635
SHA3-384 hash: 2419a07c48c234c21a4989686d936c398e7f9e62dee5f156cad5263ca5a8a6c889d53e98cd61ad8a73c3b808a1caf8ad
SHA1 hash: b25fba7bd852d53c75106946663725f879ed3f1b
MD5 hash: e08f72d878b359150c2bb3668b259f8a
humanhash: comet-seventeen-pennsylvania-florida
File name: Purchase Order 4589012.iso
Signature: AgentTesla
File size: 400'399 bytes
First seen: 2020-07-16 09:59:49 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:eX6tKLTioNKGjrsAZV4BQQXBPwV5l9oo/Q2/Det:E6tKLnNKWrXDiwfioDa
TLSH: B8842310D342B9914A672A77EF409C94D38F82C6B55B4DC01A3342EF886AA578B25FBD
Reporter: abuse_ch
Tags: AgentTesla iso


abuse_ch
Malspam distributing AgentTesla:

HELO: server.sgbcg.com
Sending IP: 113.11.251.241
From: lamya.alqahtani@arabian-pipes.com
Subject: PO #4589012
Attachment: Purchase Order 4589012.iso (contains "Purchase Order 4589012.exe")

AgentTesla SMTP exfil server:
mail.meiaduzia.pt:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 74
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2020-07-16 10:01:05 UTC
AV detection: 10 of 48 (20.83%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
AgentTesla
zip 803e4f7759e21b0d2c93f4e43e93e928cf0df1eac2da8ce3f4eded5be6102635 (this sample)
Dropping AgentTesla
Delivery method: Distributed via e-mail attachment

Comments