MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bf6acf9276de65e04d6317c7c651a9b2ec3aa60528421fbb585ab48bfda428b2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 4



SHA256 hash: bf6acf9276de65e04d6317c7c651a9b2ec3aa60528421fbb585ab48bfda428b2
SHA3-384 hash: 8e8108f73b28f81decb45f5ee5b71618d2fc9e152a74fbe254ef4b9e1403c4be1a56271dd29dedaa67f4a02bbe223acb
SHA1 hash: 82f7ad715c253bb6335eb22046b287e1e1d21bb7
MD5 hash: 250ebbe12051c356ba4802f4bb93a42a
humanhash: orange-king-robin-zebra
File name: New Order.z
Signature: AgentTesla
File size: 1'233'643 bytes
First seen: 2020-07-20 08:54:59 UTC
Last seen: 2020-07-20 08:55:47 UTC
File type: z
MIME type: application/x-rar
ssdeep: 24576:Eu8FE8alM4AiIZe47NnHRRh+1E9fp9zaVNI3tB8:Etm8afAiIZeinbh+1KYI3b8
TLSH: 07453372E8DEDDE326D4F355C9EC0EB6343091AF142BD997078656DD602E206E31E760
Reporter: abuse_ch
Tags: AgentTesla z


abuse_ch
Malspam distributing AgentTesla:

HELO: server.arcohosting.com.br
Sending IP: 162.221.185.34
From: Laurence Gex <marcelopaiva@granisa.com.br>
Subject: Order Details
Attachment: New Order.z (contains "PO#3459.jpg.exe")

AgentTesla SMTP exfil server:
mail.kaysarplastik.com:587

Intelligence


File Origin
# of uploads: 2
# of downloads: 65
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Wacatac
Status: Malicious
First seen: 2020-07-20 08:56:12 UTC
AV detection: 9 of 48 (18.75%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: AgentTesla, z bf6acf9276de65e04d6317c7c651a9b2ec3aa60528421fbb585ab48bfda428b2 (this sample)
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment

Comments