MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cee6006d5b3e10366b8a87e62b658f8faa410a9e8ab1a8dcd212461e466b9d11. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: cee6006d5b3e10366b8a87e62b658f8faa410a9e8ab1a8dcd212461e466b9d11
SHA3-384 hash: 13dfa2f5717f56bf6f545039bf9e01ece5642343f38d26d64608c47aef3d708aa8f2f82df8cf9f93f4e749295ee018a6
SHA1 hash: 8e449675966492d67f37d353d9d269b24790d283
MD5 hash: 493a0ae2540540b2f9f57fc780fc3122
humanhash: apart-solar-december-echo
File name:SCAN DOC RFQ WPQ-1904-0028NEW PO_PDF.IMG
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'376'256 bytes
First seen:2020-08-12 18:30:16 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 24576:3owqpd03+l03+2LL2xjojRlol6PGuLJk0K8V5TL:3owqpd03+l03+SKxjoiCh/3
TLSH D055D02433A59833D2767E35C6B75510077ABC97393AC30E6BCD33CE9D207A95A107AA
Reporter abuse_ch
Tags:AgentTesla img


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: secureserver.8verhost.com
Sending IP: 104.247.74.28
From: Marina Musa <sales@saliran.com>
Reply-To: Marina Musa <accounts@pdgproperty.com>
Subject: RFQ : URGENT WPQ-1904-0028/NEW PO.
Attachment: SCAN DOC RFQ WPQ-1904-0028NEW PO_PDF.IMG (contains "SCAN DOC RFQ WPQ-1904-0028NEW PO_PDF.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
62
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.RSharedStrings.21401.2052.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/cee6006d5b3e10366b8a87e62b658f8faa410a9e8ab1a8dcd212461e466b9d11/
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-08-12 18:32:07 UTC
AV detection:
7 of 48 (14.58%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=z3taa3k3hyidm24kq7tcwzmpr6veccu6rky2rxgscjdb4rtltuiq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Trojan
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/cee6006d5b3e10366b8a87e62b658f8faa410a9e8ab1a8dcd212461e466b9d11

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

img cee6006d5b3e10366b8a87e62b658f8faa410a9e8ab1a8dcd212461e466b9d11

(this sample)

AgentTesla

Executable exe 86fb079125f93834e6dc2f5ef86c61c36f6a9dbae5338a42341f75bf329b06bf

  
Dropping
MD5 95103b1def7b86a7bfefc2115c58227a
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 86fb079125f93834e6dc2f5ef86c61c36f6a9dbae5338a42341f75bf329b06bf

Comments