MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 de582ac17cc6c395830dbc1089326aa15c63c14775a367f5c4a67306718b7c76. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: de582ac17cc6c395830dbc1089326aa15c63c14775a367f5c4a67306718b7c76
SHA3-384 hash: c8729f065b1ffb3e34501402a382f0f8081bc9b9544ac09e49578f0264f8e02a465a3acc853d3918bcc4f491d08577fd
SHA1 hash: d5ecf38eb41f1f3965b73e7416120bdb69a6c7b5
MD5 hash: 9e9dc8a155571a451efb2d19d5d5a8e1
humanhash: maine-gee-yellow-uniform
File name:AWB Number Tracking.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:435'530 bytes
First seen:2020-08-17 06:35:29 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:ZbQ9qFwn3SY3VivoSQcTjBU5/h/hrHAO8Oj1ijl0:60vYAecTClh/lHAOdRijG
TLSH 0E942384FF2E5378BE427F7B68C81C9909859EFC5EF560A5DE8218B1B7827463460783
Reporter abuse_ch
Tags:AgentTesla DHL rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: hshgroups.co
Sending IP: 104.168.166.26
From: DHL EXPRESS SERVICE<dhlexpress@dhl.com>
Subject: DHL international express shipping, AWB number and parcel tracking-205*****7208
Attachment: AWB Number Tracking.rar (contains "AWB Number & Tracking.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
60
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/de582ac17cc6c395830dbc1089326aa15c63c14775a367f5c4a67306718b7c76/
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-08-17 06:37:06 UTC
AV detection:
4 of 48 (8.33%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=3zmcvql4y3bzlaynxqiismtkufoghqkhowrwp5oeuzzqm4mlpr3a._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/de582ac17cc6c395830dbc1089326aa15c63c14775a367f5c4a67306718b7c76

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar de582ac17cc6c395830dbc1089326aa15c63c14775a367f5c4a67306718b7c76

(this sample)

AgentTesla

Executable exe 18b361d4c6546def2b2023997b8b0f425f8c1f4f393b94550abebdf69dc2f6e2

  
Dropping
MD5 ded1d44f70925d107b0ab583099b5ab8
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 18b361d4c6546def2b2023997b8b0f425f8c1f4f393b94550abebdf69dc2f6e2

Comments