MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 747f6dcb5ddae7e0f0b3841962c9a662a915dc712b444519e4009867eb7e293a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 747f6dcb5ddae7e0f0b3841962c9a662a915dc712b444519e4009867eb7e293a
SHA3-384 hash: 9c38c146ac796b20bf054ec5802539f5c7d22b9b712224093000aad79099f02c7880a917105499fa87e49cf5e3a2888a
SHA1 hash: 689c08a01d5f66bb08c2aee8c55e2a3146dec018
MD5 hash: c69a6947dd979fda9157727aa0d5722d
humanhash: crazy-pluto-carpet-nitrogen
File name:New order.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:682'729 bytes
First seen:2021-01-25 06:20:23 UTC
Last seen:2021-01-25 06:21:04 UTC
File type: zip
MIME type:application/zip
ssdeep 12288:D2bGe2ieeNgoo5/4V/+Vxh+NZBmh/XETHgzwTxm18mJa0dll:4e99/4V/+p+NZBmtXETHgzwTVmU0F
TLSH 9EE43313CD9399CADA24EEA18575CA4C77446B9BD314FF0B04C06A2BDA354ECC6B86F1
Reporter cocaman
Tags:AgentTesla zip


Avatar
cocaman
Malicious email (T1566.001)
From: "phil@cyber.net.pk" (likely spoofed)
Received: "from webmail.cyber.net.pk (mail.cyber.net.pk [203.101.175.37]) "
Date: "Mon, 25 Jan 2021 03:57:19 +0100"
Subject: "=?UTF-8?Q?New_order_//_Cedar=E2=80=99s_order_2021=2E?="
Attachment: "New order.zip"

Intelligence

File Origin
# of uploads :
2
# of downloads :
181
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Foxhole.Zip_pdf.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.25510.ZipHeur.Ext.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/747f6dcb5ddae7e0f0b3841962c9a662a915dc712b444519e4009867eb7e293a/
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2021-01-25 06:21:06 UTC
File Type:
Binary (Archive)
Extracted files:
21
AV detection:
18 of 46 (39.13%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=or7w3s253lt6b4ftqqmwfsngmkurlxdrfncekgpeacmgp236fe5a._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/747f6dcb5ddae7e0f0b3841962c9a662a915dc712b444519e4009867eb7e293a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 747f6dcb5ddae7e0f0b3841962c9a662a915dc712b444519e4009867eb7e293a

(this sample)

AgentTesla

Executable exe 606eeab956905f8a7f4ef02f7418e9a6ac4facbd2445fd1e3a1cb00a94113525

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 606eeab956905f8a7f4ef02f7418e9a6ac4facbd2445fd1e3a1cb00a94113525
  
Dropping
AgentTesla

Comments