MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 21fdd6fadbe362fd034900841aaade0613d7f15573f03313ad29645472780837. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 21fdd6fadbe362fd034900841aaade0613d7f15573f03313ad29645472780837
SHA3-384 hash: 696efaf7c864dd0ebdf9fc27b000173032082c723b3c837adba5bd6f2bb5f441694ecf53dc8fedcf160c1ac9b8e6e87d
SHA1 hash: e3195372637bb3485d744501fe55504865217b7c
MD5 hash: 686293552b8e1b21771874c2ec477abc
humanhash: grey-oranges-seventeen-maine
File name:Purchase Order32002068.7z
Download: download sample
Signature AgentTesla
Create hunting rule
File size:414'293 bytes
First seen:2020-11-07 10:27:44 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:WjoCTLT38aUwM4YHP0WA5096jy5yBKLTiag6nyyTooU:WDv78aUZ/vPJ6y88LzZUoU
TLSH 169423E339176BE784BB003E9267E4DED00237958F0ED88DA51933196D2EFD5C5AE124
Reporter abuse_ch
Tags:7z AgentTesla


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: slot0.aero-cabln.com
Sending IP: 23.254.226.78
From: Almanza, Alejandra<sales6@aero-cabln.com>
Subject: Purchase Order RefNo 5032002068
Attachment: Purchase Order32002068.7z (contains "Purchase Order32002068.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
84
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.22205.ZipHeur.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/21fdd6fadbe362fd034900841aaade0613d7f15573f03313ad29645472780837/
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-11-06 18:18:29 UTC
AV detection:
16 of 48 (33.33%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=eh65n6w34nrp2a2jaccbvkw6ayj5p4kvopydge5nffsfi4tyba3q._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 21fdd6fadbe362fd034900841aaade0613d7f15573f03313ad29645472780837

(this sample)

AgentTesla

Executable exe d71e111e12643f8c35292b4b2f02f45935f76acba96d2f0d66f55bb752955644

  
Dropping
MD5 0bd6c0aa0f95699cd31fae0ec2827c92
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 d71e111e12643f8c35292b4b2f02f45935f76acba96d2f0d66f55bb752955644

Comments