MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0993203554399fecda6ed63a2b6a1f24251a38c0e053540bc2651dc86173e819. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0993203554399fecda6ed63a2b6a1f24251a38c0e053540bc2651dc86173e819
SHA3-384 hash: 218aa2d0e350a6ff0294f6663595eb0b064f08c4bcf197a858378c48c25d8478e32b9fc12826fd95823d7d896d3c0a9e
SHA1 hash: a6b1bd2c0ab41cb827f4cbabe85779f7b3d4cd80
MD5 hash: 7e4075cd2b8f2a99b16d35f9c4f8b6ef
humanhash: monkey-carpet-comet-monkey
File name:Simuteanous-project.img
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'638'400 bytes
First seen:2021-01-18 18:12:40 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 24576:NJtN7Ud6mIfhKsJDW/1TD19+YD/SA4V4:PbCo8sZeTD19+YD/SLV
TLSH 58758D2971A84B15E4396FF04D6483888BFDEE5A1526EF0AFDC135F7DA71B01860A723
Reporter abuse_ch
Tags:AgentTesla img Telegram


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: rspamdou1.idm.net.lb
Sending IP: 194.126.4.82
From: ziad.sakr - IDM SAL <ziad.sakr@createchintl.com>
Reply-To: reply@gensa.info.tr
Subject: simultaneous progress
Attachment: Simuteanous-project.img (contains "Simulteanous-Project.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
115
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Siggen11.57608.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/0993203554399fecda6ed63a2b6a1f24251a38c0e053540bc2651dc86173e819/
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2021-01-18 04:26:02 UTC
AV detection:
7 of 46 (15.22%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=bgjsankuhgp6zwto2y5cw2q7eqsruoga4bjvic6cmuo4qylt5amq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/0993203554399fecda6ed63a2b6a1f24251a38c0e053540bc2651dc86173e819

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

img 0993203554399fecda6ed63a2b6a1f24251a38c0e053540bc2651dc86173e819

(this sample)

AgentTesla

Executable exe 66b779d10a19450ad75998ccbc9b0fb2725e6da467ee1da2253b5624db1d3c86

  
Dropping
MD5 a767c687b32c4626b8310c83270d40ef
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 66b779d10a19450ad75998ccbc9b0fb2725e6da467ee1da2253b5624db1d3c86

Comments