MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1ee14e303bd522941f0c9aacc0dada369e47533ded99c8252fec3991efb524cd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 5



SHA256 hash: 1ee14e303bd522941f0c9aacc0dada369e47533ded99c8252fec3991efb524cd
SHA3-384 hash: 1853582cb0b753fbf7ca0fe22507f9d6c17a0d019bc140ea906cf0f7c42073cf3929da34b1e428fa3148ba306c17dad6
SHA1 hash: c3c3c81e3531b692ab360aadc7fe2e96601c29b5
MD5 hash: c67b42f212bb75836b37bfb05965dde7
humanhash: tango-stairway-cup-table
File name: QUOTES.zip
Signature: AgentTesla
File size: 515'944 bytes
First seen: 2020-12-22 12:42:58 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:sE8UyhfEoepw0GVVWQQWx2ydfal6M81D4Paz8lIAL12qCI7:sjHJEoeu0GHWQPx2yxl4Paz8lVLh
TLSH: F9B4230EC61CDFE02F957BCB6482AA40555412B48EDCFAD1894EA14F5781DCFAE848EF
Reporter: abuse_ch
Tags: AgentTesla zip


abuse_ch
Malspam distributing AgentTesla:

HELO: DS8420095.clientshostname.com
Sending IP: 185.159.82.34
From: sales.surratiperfumes@gmail.com
Subject: Request for Quotation
Attachment: QUOTES.zip (contains "QUOTES.exe")

AgentTesla C2:
http://69.174.99.26/webpanel-oba/inc/aaf0cc48f53372.php

Intelligence


File Origin
# of uploads: 1
# of downloads: 286
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2020-12-22 12:43:05 UTC
AV detection: 11 of 45 (24.44%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 1ee14e303bd522941f0c9aacc0dada369e47533ded99c8252fec3991efb524cd (this sample)

Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
