MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 12440f64618ca6a530e7488728318bafade4367978c100ef13499fe86fbc9131. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: AgentTesla
Vendor detections: 4

SHA256 hash: 12440f64618ca6a530e7488728318bafade4367978c100ef13499fe86fbc9131
SHA3-384 hash: a6bbf9296bee99d28c973b9d589318184d51f1f34c28fc75e4406e1b5cfab244af02777c9bf96a22a1193e6d9af610dc
SHA1 hash: 55ab446c15a425001f322eb6f8b957c8974b82ab
MD5 hash: f6e52ded4d2ca08ae2fb9e9426e0a1cd
humanhash: stairway-charlie-friend-hot
File name: Payment Copy.PDF.cab
Signature: AgentTesla
File size: 407'613 bytes
First seen: 2021-03-02 07:52:49 UTC
Last seen: 2021-03-08 05:52:42 UTC
File type: cab
MIME type: application/vnd.ms-cab-compressed
ssdeep: 6144:gd6ztOgnBBq6L8H+Oye/cKszPLtyD1FvmdXbDKzAQrR2kOfCazcldf14:gd6zwgnBBqq23N/prCbDNk3ecC
TLSH: 908423314A8026B123590210670BBBAADF3516079CF790D764ED6BD4BE6442BCEF793E
Reporter: abuse_ch
Tags: cab


abuse_ch
Malspam distributing unidentified malware:

HELO: gb0.310.mxsen.ml
Sending IP: 128.199.35.159
From: "Finance Department" <admin@310.mxsen.ml>
Subject: Remmittance copy attached
Attachment: Payment Copy.PDF.cab (contains "Payment Copy.PDF.exe")

Intelligence

File Origin
# of uploads: 2
# of downloads: 100
Origin country: n/a

Vendor Threat Intelligence
Result
Verdict: UNKNOWN
Threat name: ByteCode-MSIL.Trojan.Wacatac
Status: Malicious
First seen: 2021-03-02 07:53:06 UTC
AV detection: 12 of 48 (25.00%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
AgentTesla
cab 12440f64618ca6a530e7488728318bafade4367978c100ef13499fe86fbc9131 (this sample)

Delivery method: Distributed via e-mail attachment

Comments