MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cdcde1dbc398b525b17c68e9ccc1cfb71666a4788857be7aeb35231f167381fb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: cdcde1dbc398b525b17c68e9ccc1cfb71666a4788857be7aeb35231f167381fb
SHA3-384 hash: fcf7035a4456f3925b773e9514dc72233fadec64407990fb99852866af27fc400eabca738f71aae31fb8d14e6646aa47
SHA1 hash: d7fb64f0e78fcff43d3891cea97eda9f7dcc964d
MD5 hash: 055c262b7ea60636d5a2b2901f03a679
humanhash: washington-echo-quiet-yellow
File name:PO 06-15-2020 PDF.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:931'022 bytes
First seen:2020-06-15 05:41:06 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 24576:cgqfhF4t+1z4vkmH0NlLHA0OVDQrQ79Y0A:cxF4YmvkmH+lTA09rQ7i0A
TLSH 851533E05A990DF716873AB3CCA5C63265587D913D628B3F6F2010BB1C575F38E23A89
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: srv1.demspor.com
Sending IP: 31.169.94.221
From: Steffen Kromer <mecare@heritage-global.com>
Reply-To: sales manager <md@smartdames.com>
Subject: RE: ORDER CONFIRMATION
Attachment: PO 06-15-2020 PDF.rar (contains "wire (5).exe")

AgentTesla SMTP exfil server:
mail.mkkarakosemobilya.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
63
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-06-15 05:43:07 UTC
AV detection:
17 of 30 (56.67%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=zxg6dw6dtc2slml4ndu4zqopw4lgnjdyrbl346xlgurr6fttqh5q._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar cdcde1dbc398b525b17c68e9ccc1cfb71666a4788857be7aeb35231f167381fb

(this sample)

AgentTesla

Executable exe e1cbed7a232593e198fe8e3e687284856dfbbc9ca2863f0901745e64f2186f36

  
Dropping
MD5 a0965bb015fbfd2014aa9fb0b869ed4a
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 e1cbed7a232593e198fe8e3e687284856dfbbc9ca2863f0901745e64f2186f36

Comments