MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6dfce43d5ccd8d2aad38388fcc92f599c46dbba8233d9dfc8ae8ef3c6d0e3e17. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6dfce43d5ccd8d2aad38388fcc92f599c46dbba8233d9dfc8ae8ef3c6d0e3e17
SHA3-384 hash: fcee579cb530175f03da003894e410b029677c801ffb81a02dc7c73187664408b4ed0a4c181d1226f31edb47f92cac94
SHA1 hash: 0f8fa7ac42ec9c0ff4226a1628e6ff62fa534832
MD5 hash: 6d6c1c32b2bdf9f2e6f52b26b35c7145
humanhash: low-bacon-sierra-xray
File name:Payment Receipt.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:726'547 bytes
First seen:2021-01-08 08:24:39 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:LFUMvsWr9EZkbdHWgVuG6YPpwybNHk1dHBAxrVuP8NgjdIS+k1RVXFsoB+is3doc:LFUMvsoPbdWg1zbNHwB4xu0NAdok1Rfa
TLSH A7F4331E32214A03B0C5CD76316F6D6176A43FF0A2C975FE36BFC636F26A8547601A09
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: relay13.raiolanetworks.com
Sending IP: 217.182.121.196
From: email@holyland.com.pk
Subject: Payment Receipt
Attachment: Payment Receipt.zip (contains "Payment Receipt.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
165
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Heur.22144.11968.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/6dfce43d5ccd8d2aad38388fcc92f599c46dbba8233d9dfc8ae8ef3c6d0e3e17/
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2021-01-08 08:25:15 UTC
AV detection:
4 of 46 (8.70%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=nx6oipk4zwgsvljyhch4zexvthcg3o5iem6z37ek5dxty3iohylq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/6dfce43d5ccd8d2aad38388fcc92f599c46dbba8233d9dfc8ae8ef3c6d0e3e17

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 6dfce43d5ccd8d2aad38388fcc92f599c46dbba8233d9dfc8ae8ef3c6d0e3e17

(this sample)

AgentTesla

Executable exe b98d50c1513a1d87065ba386b604094baebea514f3579b44e9323d8a4a378442

  
Dropping
MD5 6c3715c7fcb7b9945a8537d1fa961eb3
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 b98d50c1513a1d87065ba386b604094baebea514f3579b44e9323d8a4a378442

Comments