MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 96e7e77f1bf0052ad463e334746fec8c5a80c5962a6577571f07fb96297c09fb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 96e7e77f1bf0052ad463e334746fec8c5a80c5962a6577571f07fb96297c09fb
SHA3-384 hash: 41cdb5c294fb3641944916e3c42d93a89665b1641866a42e8b15cba121c6865d697d3864c84d233f359d6b9ff6d5152a
SHA1 hash: 6149dc88129253f6a3641c09146519cbdd920b41
MD5 hash: abc8d9ef4263ceb43b064ae2022c22ec
humanhash: crazy-bulldog-undress-spring
File name: Ref 0180066743.img
Signature: n/a
File size: 1'245'184 bytes
First seen: 2020-07-31 16:05:32 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 12288:JutrmZl4x/rwtgEuOfm9FqbiaYuSp/kyRf:Ytrg0+gdumXqb9Yvpj
TLSH: 5F45F02C16644B66F52A06BF1C7661439F62D01F1122C2177EBC61EA173EB8C3D91FAB
Reporter: @abuse_ch
Tags: AgentTesla img


Twitter
@abuse_ch
Malspam distributing AgentTesla:

HELO: mwon.net
Sending IP: 69.64.67.236
From: PAGOS <pagos@grupodiaz.com.mx>
Subject: Re: DEVOLUCIÓN DE PAGO TT (Ref 0180066743)
Attachment: Ref 0180066743.img (contains "Ref 0180066743.PDF.bat")

AgentTesla SMTP exfil server:
mail.emifarma.com:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 61
Origin country: US

Mail intelligence
Geo location: Global
Volume: Low

Vendor Threat Intelligence
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2020-07-31 16:07:05 UTC
AV detection: 8 of 48 (16.67%)
Threat level: 5/5

Threat name: Suspicious File
Score: 0.45

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
img 96e7e77f1bf0052ad463e334746fec8c5a80c5962a6577571f07fb96297c09fb (this sample)
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
