MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 45c790adca6576a88c6060e68a9fcf11b54086206526f64ddd3e0fb7fd03fb65. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 45c790adca6576a88c6060e68a9fcf11b54086206526f64ddd3e0fb7fd03fb65
SHA3-384 hash: 74c279c14d02dfca738bfa992eb6bbc3d774b32cd9cf452bfdc335eea843a2a915cc4aa15c38b0f2e659a9186c63616d
SHA1 hash: 3f9dfafeed4080935e6d93b6bc7143a926b579e3
MD5 hash: 446daf31d593162e6060cc279305de69
humanhash: solar-october-papa-eight
File name:RFQ ICT-200068-MKE-AL ESTISHARI_pdf.7z
Download: download sample
Signature AgentTesla
Create hunting rule
File size:693'227 bytes
First seen:2020-08-17 06:14:09 UTC
Last seen:Never
File type: 7z
MIME type:application/x-rar
ssdeep 12288:xZ/YDKhgHSg2VL/f1imoJb4jo8hF1WTf4vwHumk3EBNiYCTts5w3bvd:xSDLHv+j1Dulq4GwHLkuCpmw3Ld
TLSH 9BE423D8FA35325A74C90261FF83AA1E5447D8BBB6D0FECF5DDB498CA224B448487D90
Reporter abuse_ch
Tags:7z AgentTesla


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: de.uitn.com
Sending IP: 144.76.245.34
From: ELGADI MOHAMED <oa05438@mellitahog.ly>
Reply-To: Mohamed shaban <soomla6384@yahoo.com>
Subject: RFQ ICT-200068-MKE
Attachment: RFQ ICT-200068-MKE-AL ESTISHARI_pdf.7z (contains "RFQ ICT-200068-MKE-AL ESTISHARI_pdf.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
61
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27382.Rar5Heur.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/45c790adca6576a88c6060e68a9fcf11b54086206526f64ddd3e0fb7fd03fb65/
Threat name:
ByteCode-MSIL.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-08-17 06:16:05 UTC
AV detection:
23 of 48 (47.92%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ixdzblokmv3krddamdtivh6pcg2ubbramutpmto5hyh3p7id7nsq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/45c790adca6576a88c6060e68a9fcf11b54086206526f64ddd3e0fb7fd03fb65

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

7z 45c790adca6576a88c6060e68a9fcf11b54086206526f64ddd3e0fb7fd03fb65

(this sample)

AgentTesla

Executable exe 8088f8d52a48e444235051f73da109c02213f81d1584516f4aa121c4b6a0925e

  
Dropping
MD5 e94c4af1e9b9252ae0d945496f4acdb7
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 8088f8d52a48e444235051f73da109c02213f81d1584516f4aa121c4b6a0925e

Comments