MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9e0d21b70e545edd5cf8b7c1c5f7f5a9d6f568b597ddb7b8576fc515e9c85182. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9e0d21b70e545edd5cf8b7c1c5f7f5a9d6f568b597ddb7b8576fc515e9c85182
SHA3-384 hash: df707661df92830109a5905236039a5d86e44de0143473219663fe7b8c94148e8878d92e6d7db01b8980214c0237d9d5
SHA1 hash: 9a841f0829f1794522f60e2c3d2d86438f2d5209
MD5 hash: 1d6c5d9783d24378c634a3b3e60ba92d
humanhash: tennis-romeo-robin-bravo
File name:Order Confirmation_14082020-001_Draft.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:496'758 bytes
First seen:2020-08-14 10:40:00 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:hkgUBpk8v1LyMavd+nhvC6O3bWL0kyXijzJYCt24ocw8ji:hkgT8vkM+8nhK6O36L0kIwFI4/wsi
TLSH A3B423C3D4C3C861B2D78EE3EB1535281EF9A34917674171822B974D22BD306BABEE54
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: ns388824.ip-176-31-255.eu
Sending IP: 176.31.255.155
From: Yongha Yang(Nick) <yhyang@berndorf.co.kr>
Subject: RE: Berndorf / Draft for order confirmation
Attachment: Order Confirmation_14082020-001_Draft.rar (contains "Order Confirmation_14082020-001_Draft_PDF.exe")

AgentTesla SMTP exfil server:
mail.karina.gen.tr:587

AgentTesla SMTP exfil email address:
kaan.karaagac@karina.gen.tr

Intelligence

File Origin
# of uploads :
1
# of downloads :
69
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/9e0d21b70e545edd5cf8b7c1c5f7f5a9d6f568b597ddb7b8576fc515e9c85182/
Threat name:
ByteCode-MSIL.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-08-14 10:41:06 UTC
AV detection:
10 of 48 (20.83%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=tygsdnyokrpn2xhyw7a4l57vvhlpk2fvs7o3pocxn7crl2oikgba._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
AgentTesla
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/9e0d21b70e545edd5cf8b7c1c5f7f5a9d6f568b597ddb7b8576fc515e9c85182

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 9e0d21b70e545edd5cf8b7c1c5f7f5a9d6f568b597ddb7b8576fc515e9c85182

(this sample)

AgentTesla

Executable exe 892903d839863e0ffa2f8d3566d03f95f1d06dc3de55de766f37b6b04b3a608e

  
Dropping
MD5 dfcfcdbcbbe8a5841f72cb8100dcc2fd
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 892903d839863e0ffa2f8d3566d03f95f1d06dc3de55de766f37b6b04b3a608e

Comments