MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 891dfc969382686d8ddcf39e878425779bfc2c374bb4f30c5610b3ed5cc21e48. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 3

SHA256 hash: 891dfc969382686d8ddcf39e878425779bfc2c374bb4f30c5610b3ed5cc21e48
SHA3-384 hash: ea3474ff69ea9e473672e6adeed8480e48e900c2e5d81a13634c19387c6033eaf303a4076f580237deb1c6438a5731d2
SHA1 hash: 9d277735b770f177ba4f687d312889fae44d5489
MD5 hash: 66c8816d121e7e1279f1fe802a95d137
humanhash: vegan-july-london-spaghetti
File name: Lab Equip.zip
Signature: AgentTesla
File size: 340'824 bytes
First seen: 2020-06-17 07:42:50 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:T2OTNnohTJbbNA9RGM7tMKzFlmhjkYMSpomaVs43n6KE/wc7/XYqs:yCInAXp7tMKMY/ZmaVTnI4crY/
TLSH: 037423D758E4CB22B3DA2C8DFD56BB36C5ABDD041C8C42644646A1FE8D10836BBC7932
Reporter: abuse_ch
Tags: AgentTesla zip


abuse_ch
Malspam distributing AgentTesla:

HELO: srv189.svservers.com
Sending IP: 46.17.41.31
From: info@deltainternational.ga
Subject: Re: Laboratory Equipment Purchase
Attachment: Lab Equip.zip (contains "Lab Equip.exe")

AgentTesla FTP exfil server:
ftp.lysandruolaw.com:21

Intelligence

File Origin
# of uploads: 1
# of downloads: 68
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2020-06-17 07:44:04 UTC
AV detection: 4 of 48 (8.33%)
Threat level: 5/5

File information

The table below shows additional information about this malware sample, such as delivery method and external references.

Malspam
  AgentTesla
    zip 891dfc969382686d8ddcf39e878425779bfc2c374bb4f30c5610b3ed5cc21e48 (this sample)

Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment

Comments