MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d7f08d91392a930da716f9eaf3d594aa1c5c6afb80da0e12900aedc2d696e72a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d7f08d91392a930da716f9eaf3d594aa1c5c6afb80da0e12900aedc2d696e72a
SHA3-384 hash: ecd1dd2c13f956d17c89041cd073ba56454e3e0a843854715e6cb0843de028fc7eb06d0799c381c58e51d1e3d3beb45a
SHA1 hash: 86e9a075b225cb109cf3d265d8b569706960de33
MD5 hash: f014fad415e3aab9ad73f871a1f95882
humanhash: queen-robert-nebraska-east
File name:TNT Express Invoice_pdf.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:280'362 bytes
First seen:2020-06-08 05:44:11 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:Zbf4DPpgy9IgtsgrcFzPwsPRjUhbPgNLXSgwFP5RMhnMy/p2nr2vGLp:ZED79IgChpPZYhbPgNDSg0RYJz+1
TLSH 255423E9EAC43EECE93B0B76946741CCC02C2C57299538C95D82443F5E36FE4B7649A8
Reporter cocaman
Tags:AgentTesla zip


Avatar
cocaman
Malicious email
From: TNT EXPRESS <service@tnt.com>
Received: from zeus.webex.gr (static.158.69.4.46.clients.your-server.de [46.4.69.158])
Date: Mon, 08 Jun 2020 03:00:53 +0100
Subject: Consignment Notification: You have A Package With Us
Attachment: TNT Express Invoice_pdf.zip

Intelligence

File Origin
# of uploads :
1
# of downloads :
55
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Malware.AgentTesla-7660762-0
Create hunting rule

Sanesecurity.Malware.25815.ZipHeur.BadExt.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-06-08 05:01:34 UTC
File Type:
Binary (Archive)
Extracted files:
5
AV detection:
26 of 48 (54.17%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=27yi3ejzfkjq3jyw7hvphvmuviofy2x3qdna4euqblw4fvuw44va._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip d7f08d91392a930da716f9eaf3d594aa1c5c6afb80da0e12900aedc2d696e72a

(this sample)

AgentTesla

Executable exe 10a218233adab0c665d5a4e95a6c9af38bc2de5e9c81e9bf0b12587780e1b97f

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 10a218233adab0c665d5a4e95a6c9af38bc2de5e9c81e9bf0b12587780e1b97f
  
Dropping
AgentTesla

Comments