MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 273da1a6ecde07fbdae0083512fc19700d4387ddeb8b87ca8857c4633bbffd74. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 273da1a6ecde07fbdae0083512fc19700d4387ddeb8b87ca8857c4633bbffd74
SHA3-384 hash: bd329384e2a6f558faf58e1f05cc16dd70ed34abca665554436137207dc9d9ff41455442f237026ec66068a28e8d1f4f
SHA1 hash: d10a8b63595d2edb165639c8f54e53333414d361
MD5 hash: 5d7ee06d53146f185825b67e27d663c2
humanhash: stairway-magnesium-echo-lake
File name:Order CIE-03-08-2020 Enq 63-29-2 ABC_pdf.7z
Download: download sample
Signature AgentTesla
Create hunting rule
File size:506'370 bytes
First seen:2020-08-03 07:12:01 UTC
Last seen:Never
File type: 7z
MIME type:application/x-rar
ssdeep 12288:9pN2XdWWRbydV0hd/2aeLB5qZTYL25UU0V3q7D9:9ubMqK95q+MUU0VqF
TLSH 68B423F41DB5491DC98E8BE0613E5293FA1D9482BE79978194E8EC38AF6D1B1CC097CC
Reporter abuse_ch
Tags:7z AgentTesla


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: de.uitn.com
Sending IP: 148.251.248.181
From: Mohamed shaban <oa05438@mellitahog.ly>
Reply-To: Mohamed shaban <soomla6384@yahoo.com>
Subject: URGENT PURCHASE ORDER CIE-03-08-2020
Attachment: Order CIE-03-08-2020 Enq 63-29-2 ABC_pdf.7z (contains "Order CIE-03-08-2020 (Enq 63-29-2 ABC)_pdf.exe")

AgentTesla SMTP exfil server:
mail.specialmetal.ir:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
65
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27382.Rar5Heur.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/273da1a6ecde07fbdae0083512fc19700d4387ddeb8b87ca8857c4633bbffd74/
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-08-03 07:13:07 UTC
AV detection:
18 of 48 (37.50%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=e462djxm3yd7xwxaba2rf7azoaguhb655ofypsuik7cggo577v2a._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/273da1a6ecde07fbdae0083512fc19700d4387ddeb8b87ca8857c4633bbffd74

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

7z 273da1a6ecde07fbdae0083512fc19700d4387ddeb8b87ca8857c4633bbffd74

(this sample)

AgentTesla

Executable exe 4fd96327aca2d44216adea947c36d2913c82929fc2c124750322f13ae99262ba

  
Dropping
MD5 87855d7da99eac7997e613bb70239cd5
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 4fd96327aca2d44216adea947c36d2913c82929fc2c124750322f13ae99262ba

Comments