MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8733e02341d126bf64636124cc25d0b7c699ad8080856bc1af843a4f6ae10f38. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8733e02341d126bf64636124cc25d0b7c699ad8080856bc1af843a4f6ae10f38
SHA3-384 hash: 64d5ee2130ab124c60b6ccde572e3c9755d2bafed15b383f76135b47c9753c16d642bef95af76171d29c6656ac634bd0
SHA1 hash: 638539ce779b154f3722765d2682aca2497b1303
MD5 hash: 0750ecc43773ac1131a7dc08f0d23b9d
humanhash: low-social-texas-twelve
File name:attachments.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:408'101 bytes
First seen:2020-06-17 06:15:37 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:wzjmL/x84O5SjgESQzZFaED6yjb+06McPG09diGEt:4jW/x84CSjg4Tatyjl6DPGIiGEt
TLSH 4D942319FE03B9B9C60C2AD221AEA193012430ED851D3E105ADA7254F35ADFDB6B943F
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: faisaljassim.ae
Sending IP: 193.142.58.61
From: Nurita Ayu <fjtrsales@faisaljassim.ae>
Reply-To: Nurita Ayu <fjtrsales@faisaljassim.ae>, Director <1990.amaco@mail.bk>
Subject: Fw: RE: RE: Request for Bid (#fjtr440620)
Attachment: attachments.zip (contains "#440620.docx.exe")

AgentTesla SMTP exfil server:
twire.icu:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
65
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.FakeAlert.9060.1798.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.Trojan.Zmutzy.809.23812.15347.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-06-17 06:17:05 UTC
AV detection:
7 of 47 (14.89%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=q4z6ai2b2etl6zddmesmyjoqw7djtlmaqccwxqnpqq5e62xbb44a._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 8733e02341d126bf64636124cc25d0b7c699ad8080856bc1af843a4f6ae10f38

(this sample)

AgentTesla

Executable exe 12d4c982f6bdeaa94f72fff498674f68349a3bead97291d9a52ea39064228854

  
Dropping
MD5 e0de74a59868bde87235e8a21f6b4adb
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 12d4c982f6bdeaa94f72fff498674f68349a3bead97291d9a52ea39064228854

Comments