MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ac80141208e2e1f589df290c82c3bd6cb5e3eb2140795ba5aead57af36d12f15. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 4

SHA256 hash: ac80141208e2e1f589df290c82c3bd6cb5e3eb2140795ba5aead57af36d12f15
SHA3-384 hash: e86bbab083c31db2f03f49b71e13f15090d1fea60f190d994cb503c587e5ef0c2b902dbee251ddf313792cdf600e3b70
SHA1 hash: 9ba47c36fd83e3def166a21f0f7d549e65251eb9
MD5 hash: 582a822eeb8469d3f073834d607ec5a6
humanhash: steak-twenty-hawaii-chicken
File name: Swift copy.zip
Signature: AgentTesla
File size: 590'025 bytes
First seen: 2020-08-14 08:22:01 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:6ihcbEDzy1m6BaEFl0ezxrHCQYfskH4A2/BtES:Bm6y1DakKOR+0kWES
TLSH: ABC4234BF232EF3877BB2A3168785B6964457BDFB0A1822B745421C83573A4219CEC78
Reporter: abuse_ch
Tags: AgentTesla zip


abuse_ch
Malspam distributing AgentTesla:

HELO: m30.nskorea.com
Sending IP: 110.45.231.30
From: Citi Newyork<Peter.Zeller@citibk.com>
Reply-To: <Peter.Zeller@citibk.com>
Subject: Swift/TT copy in your favour.
Attachment: Swift copy.zip (contains "Swift copy.exe")

AgentTesla SMTP exfil server:
mail.dicera.com:587

Intelligence

File Origin
# of uploads: 1
# of downloads: 66
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2020-08-14 08:23:07 UTC
AV detection: 15 of 48 (31.25%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
AgentTesla
zip ac80141208e2e1f589df290c82c3bd6cb5e3eb2140795ba5aead57af36d12f15 (this sample)

Dropping
AgentTesla

Delivery method
Distributed via e-mail attachment

Comments