MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1fdc17c0e4162aa56824d3a5e3cf926c54bd4bcf6f283fc7c6d13dfb577f3b40. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1fdc17c0e4162aa56824d3a5e3cf926c54bd4bcf6f283fc7c6d13dfb577f3b40
SHA3-384 hash: 31b82e5f706ded2935064dd57693bc74cf73551cf18dd8238b73cf41580fa297fc761ca31a1a236ed5c36f3903811e45
SHA1 hash: fed7f5a72e5e5fa8e4e8e40d58b73ba3110d52d4
MD5 hash: 84ed3c013ca32644c51d5666e7515b7f
humanhash: jersey-uranus-spring-mango
File name:MPR For Instrument Tools.arj
Download: download sample
Signature AgentTesla
Create hunting rule
File size:493'888 bytes
First seen:2021-01-18 07:56:19 UTC
Last seen:Never
File type: arj
MIME type:application/x-rar
ssdeep 12288:aThnoCvxeDi/rOT0M5A6vcvK5pFoMUFGy+puP64dt:2hoo0D6q0MBKKKMUSuP6c
TLSH B7B423635207CEC3F2957EB74CBE051D89FF6F1A3E0A829B928857EC72A249059D3134
Reporter abuse_ch
Tags:AgentTesla arj


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: vps.websitesmalaysia.com
Sending IP: 103.233.1.132
From: Pavin Francis <pavin.frances@cpecc.ae>
Subject: Fw: BIFP / RFQ-BIFP-MPR-664-05 / Instrument Tools
Attachment: MPR For Instrument Tools.arj (contains "MPR For Instrument Tools.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
100
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/1fdc17c0e4162aa56824d3a5e3cf926c54bd4bcf6f283fc7c6d13dfb577f3b40/
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2021-01-18 07:57:21 UTC
AV detection:
7 of 46 (15.22%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=d7obpqhecyvkk2be2os6ht4snrkl2s6pn4ud7r6g2e67wv37hnaa._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/1fdc17c0e4162aa56824d3a5e3cf926c54bd4bcf6f283fc7c6d13dfb577f3b40

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

arj 1fdc17c0e4162aa56824d3a5e3cf926c54bd4bcf6f283fc7c6d13dfb577f3b40

(this sample)

AgentTesla

Executable exe 9918fff296f4d3133e38a13c5983a057c01b98837ca3af7948daa1ab6fa145c6

  
Dropping
MD5 8ac5c3863f38b385ee5ae34be7473125
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 9918fff296f4d3133e38a13c5983a057c01b98837ca3af7948daa1ab6fa145c6

Comments