MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 60da15fcff09ae3f50f8f94b8635fc00e4cfe50cfb5b8af15b508bdd1941db19. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 60da15fcff09ae3f50f8f94b8635fc00e4cfe50cfb5b8af15b508bdd1941db19
SHA3-384 hash: 24965a859aac770f96e71f0f7a3abd467c84e759083a86cbacd9ebef2c617bbaee8d567ae05d8aa5aeb9e32d51e8feca
SHA1 hash: bd72f1a5723044974cf0387923185e94b012ddd5
MD5 hash: 848287e6a195865a09f8ed551c989bf8
humanhash: don-golf-bluebird-sink
File name:MT XIN SHEN YANGV66.cab
Download: download sample
Signature AgentTesla
Create hunting rule
File size:565'060 bytes
First seen:2021-03-03 07:31:58 UTC
Last seen:Never
File type: cab
MIME type:application/vnd.ms-cab-compressed
ssdeep 12288:cRPxfDbyZpFYFk+yUfOt1nOUlyHsjxI0DmFgPeoQflJJt7dm:cRJ3zyUfOrOmmyPeoQflJJtJm
TLSH 83C433202DDF23725C03F6758647FCF3C26B2F1415D2D52D6AB9A82A628D22FDD86D90
Reporter abuse_ch
Tags:cab


Avatar
abuse_ch
Malspam distributing unidentified malware:

From: "parkjh/JiHyun Park(COSCOKOREA SEOUL)" <park.jh@coscokorea.com>
Subject: MT XIN SHEN YANG(V66)/AGENCY APPOINTMENT
Attachment: MT XIN SHEN YANGV66.cab (contains "MT XIN SHEN YANG(V66).exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
105
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.36436069.19415.15794.UNOFFICIAL
Create hunting rule

Result
Verdict:
UNKNOWN
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/60da15fcff09ae3f50f8f94b8635fc00e4cfe50cfb5b8af15b508bdd1941db19/
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2021-03-03 04:38:29 UTC
AV detection:
8 of 47 (17.02%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=mdnbl7h7bgxd6uhy7ffymnp4adsm7zim7nnyv4k3kcf52gkb3mmq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/60da15fcff09ae3f50f8f94b8635fc00e4cfe50cfb5b8af15b508bdd1941db19

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

cab 60da15fcff09ae3f50f8f94b8635fc00e4cfe50cfb5b8af15b508bdd1941db19

(this sample)

AgentTesla

Executable exe 3d081fe070ed59a22e54ef3c7aca5eb6168f9068899e5d5510d0bb8e91b5d02f

  
Dropping
MD5 b8dc799a2371022afa1564bf4ce72a89
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 3d081fe070ed59a22e54ef3c7aca5eb6168f9068899e5d5510d0bb8e91b5d02f

Comments