MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b62f94dec239123f29196798d750f1edbfd09d7cdb21c986090991e7fec4ae50. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b62f94dec239123f29196798d750f1edbfd09d7cdb21c986090991e7fec4ae50
SHA3-384 hash: 2c8f53fdf0ae5f8c5e02be86b46254ca6b08ca2aae0da418bacced7a6b7684ca6b77c600a6f6bbb4a2c8df4e0c98a2cc
SHA1 hash: 3ea077aba959eb01e55f04e726eb5754865b59ea
MD5 hash: bf855a37ee0c96138e19272a8f0dfff3
humanhash: angel-glucose-eight-potato
File name:payment-doc-pdf.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:377'716 bytes
First seen:2020-06-12 06:43:05 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:VNA8LlabGv/snExhfAIY9se6ZHv9iV4/jTySFVvv3/u3juI+QwxdWzy6V8U37MnR:ubGv/c7IY90dQ4CSFVn3/uzdQzayc7iR
TLSH 8D8423073D1F7C95EA41E840A649EE70299939BB3910B63436FFCE7A3998C19B074C79
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: ext42.host.am
Sending IP: 213.136.82.91
From: parasat@kalam.kz
Reply-To: parasat@kalam.kz
Subject: COPY OUTGOING PAYMENT - MT103 / CBC-DEBIT ADVICE-EMAIL
Attachment: payment-doc-pdf.zip (contains "payment-doc-pdf.exe")

AgentTesla C2:
http://lucasacc.com/office001/webpanel/inc/3331f6ffacdb1f.php

Intelligence

File Origin
# of uploads :
1
# of downloads :
60
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.25906.ZipHeur.BadExt.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-06-12 06:45:07 UTC
AV detection:
9 of 48 (18.75%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=wyxzjxwchejd6kizm6mnouhr5w75bhl43mq4tbqjbgi6p7wevzia._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip b62f94dec239123f29196798d750f1edbfd09d7cdb21c986090991e7fec4ae50

(this sample)

AgentTesla

Executable exe 645cbbca08307fe68c67b567bb2dcd7852bce6c817af0cf5286561d0cc161a27

  
Dropping
MD5 9be830f1d384763e3f2e9694d285ccdb
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 645cbbca08307fe68c67b567bb2dcd7852bce6c817af0cf5286561d0cc161a27

Comments