MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3b4ab56ede4d750bd0dac56a30f61c3293686f9f9de46023260e2901163810d4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3



SHA256 hash: 3b4ab56ede4d750bd0dac56a30f61c3293686f9f9de46023260e2901163810d4
SHA3-384 hash: 9d54cac2c2e226d4ae847ca5119eba94c9a65c42c60618bc167d5cb51691066a15a8614d7a4160ad4fc95df921c7151b
SHA1 hash: e6027ab81eba811123d698ea984bbf5caed68802
MD5 hash: b94fd3f16019afcb106fd7d2e17e3d7f
humanhash: five-fourteen-delaware-vegan
File name: PO6447484838.rar
Signature: AgentTesla
File size: 69'896 bytes
First seen: 2020-10-20 08:22:17 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 1536:RWLtKac+AoXEmJeJPWjEu2lTz36m8jWIi5bF68cHHPMwi:R+tdcvoX+C2xz3SjWImYLnPMl
TLSH: 096302E9504DC26A14292179ECE9F0D263B000F8D025589FB475D288E5B16CFEECDB7D
Reporter: abuse_ch
Tags: AgentTesla rar


abuse_ch
Malspam distributing unidentified malware:

HELO: outgoing12.jnb.host-h.net
Sending IP: 129.232.250.60
From: Thayalan Perumal (BUILDER) <nelson@ngipsatelecomms.co.za>
Subject: Fwd: Please send invoice
Attachment: PO6447484838.rar (contains "PO6447484838.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 72
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Wacatac
Status: Malicious
First seen: 2020-10-20 05:07:01 UTC
AV detection: 16 of 29 (55.17%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
AgentTesla
rar 3b4ab56ede4d750bd0dac56a30f61c3293686f9f9de46023260e2901163810d4 (this sample)

Delivery method: Distributed via e-mail attachment
