MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 51e66da9edde893a5256802ac71b04360925d3b5cf5f61f8b46a70420400c182. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 4



SHA256 hash: 51e66da9edde893a5256802ac71b04360925d3b5cf5f61f8b46a70420400c182
SHA3-384 hash: dfa5096f546a8e745db0911abde76b25266fe7596792210325ece023823f9aa8ab4509467d2eff4cb7bf859a7f5fb449
SHA1 hash: 348594d32f27f3afb56618269c990b583bf39871
MD5 hash: da3cb4449b0d38df5c78fdc589771a32
humanhash: whiskey-equal-fifteen-papa
File name: PAID US$2380.gz
Signature: AgentTesla
File size: 352'384 bytes
First seen: 2020-09-28 05:22:25 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 6144:U0fvYAgXekqHDezyQWje1sraBVea7IaybZXwp51Sy7FWWASZ2xCw3mGigC:/QkB8yDC10a7f7CRo19WW92xCw3N+
TLSH: 947423BBB682CD16E2FBA4B0E1EEC4D4D831078358918DB265E2FC99487C3CD91C7A11
Reporter: cocaman
Tags: AgentTesla gz


cocaman
Malicious email (T1566.001)
From: "Natasja Sommer <natasja.sommer@jtiqualityspices.com>"
Received: "from s10.smartlytechs.com (s10.smartlytechs.com [62.67.51.8]) "
Date: "Sun, 27 Sep 2020 22:57:40 +0200"
Subject: "Money Transfer from Jti Qualityspices Company"
Attachment: "PAID US$2380.gz"

Intelligence


File Origin
# of uploads: 1
# of downloads: 93
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Wacatac
Status: Malicious
First seen: 2020-09-27 20:22:09 UTC
File Type: Binary (Archive)
Extracted files: 15
AV detection: 8 of 47 (17.02%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz 51e66da9edde893a5256802ac71b04360925d3b5cf5f61f8b46a70420400c182 (this sample)

Delivery method: Distributed via e-mail attachment

Comments