MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1289f71a673b34c6180f2dd036d83a7e37cf621cc13bef9af9792c98e3e79a96. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3



SHA256 hash: 1289f71a673b34c6180f2dd036d83a7e37cf621cc13bef9af9792c98e3e79a96
SHA3-384 hash: 06221b082065b627e2a81879f26b265f02e13ea4d2509f46f60c3ce7c8285f3c2c57eeee3db1c6cacc11cadf2b3df336
SHA1 hash: 21bcdb6672a8d8c0280b3418995a7d64b1fc7a85
MD5 hash: b89adcb62b611b1984e8556d37a36da8
humanhash: table-equal-arkansas-eighteen
File name: New Order.zip
Signature: AgentTesla
File size: 676'012 bytes
First seen: 2020-10-21 13:57:58 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:OnZN/e+ICDbWtcZ46r81CjTOC+xUqMj/Jh/bZNsGUVq60DqkoM1CracgigvYRCr7:OnZN/e+IC/WC1r81CXwyJxZOI60DqkXd
TLSH: 3CE4336A1AD130A0F2DF1F7B77E1A68BEBBA366E092E05D0D18F5F4471C536045F4A60
Reporter: abuse_ch
Tags: AgentTesla zip


abuse_ch
Malspam distributing unidentified malware:

HELO: 162-144-89-139.webhostbox.net
Sending IP: 162.144.89.139
From: Mr.Yusuf, <Yusuf@caroltex.com>
Subject: Quotation for spare parts
Attachment: New Order.zip (contains "New Order.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 61
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2020-10-21 12:54:12 UTC
AV detection: 9 of 48 (18.75%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 1289f71a673b34c6180f2dd036d83a7e37cf621cc13bef9af9792c98e3e79a96

(this sample)

  
Delivery method: Distributed via e-mail attachment
