MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 afe952920d9aa2aa21f0d361b42a6ed91ecf28128d040f5c8dfa3e0e833a6e06. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: afe952920d9aa2aa21f0d361b42a6ed91ecf28128d040f5c8dfa3e0e833a6e06
SHA3-384 hash: 0f0f59b1963eb8de84dfa5ee9c741b316130552a1608b87bcbb95e0130f68307a217f5dce256d090e243709e8ffa6477
SHA1 hash: 4fb951e731afe74e8dfe97027b34559f1d80883a
MD5 hash: 71745d26a170b2951bc7185b6024949b
humanhash: bluebird-florida-delaware-music
File name:Purchase Inquiry Datasheet Of Listed Items.7z
Download: download sample
Signature AgentTesla
Create hunting rule
File size:539'672 bytes
First seen:2020-08-06 06:39:37 UTC
Last seen:2020-08-08 10:49:07 UTC
File type: zip
MIME type:application/zip
ssdeep 12288:JvFkQ5N6YBSs1BcmDtRoHZEvibaAms1YQ5GWpLkCaxK:hFkqNzUmZRo5EvibaAmKYQzpLJR
TLSH 2DB423AEC75B1FC05705C4A94F193B23AC72D79286A437F8A5D81329C73CA33F919A46
Reporter abuse_ch
Tags:7z AgentTesla


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: ncsline.com
Sending IP: 103.149.13.242
From: Seika <tokyo@ncsline.com>
Subject: RV: 20ft x 1 Inquiry from WUHAN WIDODA CO., LTD.
Attachment: Purchase Inquiry Datasheet Of Listed Items.7z (contains "Purchase Inquiry Datasheet Of Listed Items.exe")

AgentTesla SMTP exfil server:
server122.web-hosting.com:587

Intelligence

File Origin
# of uploads :
2
# of downloads :
60
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.MSIL.Kryptik.VFR-1.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/afe952920d9aa2aa21f0d361b42a6ed91ecf28128d040f5c8dfa3e0e833a6e06/
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-08-06 06:41:06 UTC
AV detection:
7 of 48 (14.58%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=v7uvfeqntkrkuipq2nq3ikto3epm6kasruca6xen7i7a5az2nyda._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/afe952920d9aa2aa21f0d361b42a6ed91ecf28128d040f5c8dfa3e0e833a6e06

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip afe952920d9aa2aa21f0d361b42a6ed91ecf28128d040f5c8dfa3e0e833a6e06

(this sample)

AgentTesla

Executable exe c1f797506aa00305f7d7df4ef9933904a58c03c7da3f5a20f9087279ea71a1d6

  
Dropping
MD5 98946b57d66c04e46436391548532eb5
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 c1f797506aa00305f7d7df4ef9933904a58c03c7da3f5a20f9087279ea71a1d6

Comments