MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 66287a80d9c26dfa1530bf4cc42bca936c8e6a416dfbc331f60fc766c2e9e3b3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 66287a80d9c26dfa1530bf4cc42bca936c8e6a416dfbc331f60fc766c2e9e3b3
SHA3-384 hash: 819802519b16345eafe55e061a547d57889821359941d65700eb0bb024f08e2ea624ad281b030122201ba85761523c4a
SHA1 hash: 627f2dd32eb963e26699bc7df4ff33eb6461543e
MD5 hash: 480ccbc5a705fe9cb705edb09e044dd0
humanhash: east-hydrogen-pasta-cat
File name:Shipping Invoice No. ASEUP146,147 148 BY ICD LONI.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:495'946 bytes
First seen:2020-08-11 13:58:00 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:XQkE+KknBhbp3ejxkMUpBfQfyr90bZOo5L6/s:gkqkn9ejuMkgyr6FOoYE
TLSH 5BB42352B2DEF4B873497B6B64A9186D0F4B8B30E01E2C4F1979FD18A9AD853D1D1307
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: ca.casterweb.live
Sending IP: 45.95.171.3
From: Tan Kheng Hui <documents@alsameerexports.com>
Reply-To: Tan Kheng Hui <info@casterweb.live>
Subject: Shipping Invoice No. ASE/UP/146,147 & 148 BY ICD LONI
Attachment: Shipping Invoice No. ASEUP146,147 148 BY ICD LONI.rar (contains "Shipping Invoice No. ASEUP146,147 & 148 BY ICD LONI.exe")

AgentTesla SMTP exfil server:
smtp.imp-powers.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
60
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/66287a80d9c26dfa1530bf4cc42bca936c8e6a416dfbc331f60fc766c2e9e3b3/
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-08-11 13:59:07 UTC
AV detection:
7 of 48 (14.58%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=myuhvagzyjw7ufjqx5gmik6ksnwi42sbnx54gmpwb7dwnqxj4ozq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/66287a80d9c26dfa1530bf4cc42bca936c8e6a416dfbc331f60fc766c2e9e3b3

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 66287a80d9c26dfa1530bf4cc42bca936c8e6a416dfbc331f60fc766c2e9e3b3

(this sample)

AgentTesla

Executable exe a25ee2ac59e84a1bb440b54b4fde5646c8229ca2b896c99657c995b6fc06fddf

  
Dropping
MD5 0f58bb926e938e871cc0be93f73979c9
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 a25ee2ac59e84a1bb440b54b4fde5646c8229ca2b896c99657c995b6fc06fddf

Comments