MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 865c0cdd3bde9841d721ffd20f800789900bd31cf2cfe80ef284fe43589ed75b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 865c0cdd3bde9841d721ffd20f800789900bd31cf2cfe80ef284fe43589ed75b
SHA3-384 hash: 457fe9f63fe01cfbde96ba72024de4b450506062276887087e09c3efbc9c733d64120f601d5d24e819860f6a2fee4133
SHA1 hash: 0b097dfdc85b6cb981b5a8e615767c9a6025df39
MD5 hash: 9ccf63827ec1a278c9ebd380e87daed6
humanhash: earth-ten-mobile-maine
File name:TrenwaTradingPteLtd_AprilOrder_76012320.img
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'507'328 bytes
First seen:2021-04-08 10:05:23 UTC
Last seen:2021-04-08 10:05:51 UTC
File type: img
MIME type:application/x-iso9660-image
ssdeep 12288:dASAIIK2eESC92/+WjfrGiEMCYPXVK0UC8cHpM+liUCDqOHxVMqIK1eES:+QIVd2/+WLCRM3/VK0rAUCDLHxKqII
TLSH BA656DE179D8FBFAEC0826F1AC5234D3C6721C9B9019EF9D2CA6B1852C641624D3F25D
Reporter cocaman
Tags:AgentTesla img


Avatar
cocaman
Malicious email (T1566.001)
From: ""Mr T.C. Lee/Choon Lian <trenwa84@singnet.com.sg>" <admin@getemails.website>" (likely spoofed)
Received: "from getemails.website (unknown [103.82.24.104]) "
Date: "Thu, 8 Apr 2021 16:56:23 +0700 (ICT)"
Subject: "REQUEST FOR QUOTATION FOR APRIL PRODUCTION"
Attachment: "TrenwaTradingPteLtd_AprilOrder_76012320.img"

Intelligence

File Origin
# of uploads :
2
# of downloads :
116
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.UDS.Backdoor.MSIL.Androm.gen.13071.19695.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/865c0cdd3bde9841d721ffd20f800789900bd31cf2cfe80ef284fe43589ed75b/
Threat name:
Win32.PUA.Wacapew
Create hunting rule
Status:
Malicious
First seen:
2021-04-08 10:06:06 UTC
File Type:
Binary (Archive)
Extracted files:
27
AV detection:
6 of 48 (12.50%)
Threat level:
  1/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=qzoazxj332medvzb77ja7aahrgiaxuy46lh6qdxsqt7egwe625nq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.35
Link:
https://yomi.yoroi.company/submissions/865c0cdd3bde9841d721ffd20f800789900bd31cf2cfe80ef284fe43589ed75b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

img 865c0cdd3bde9841d721ffd20f800789900bd31cf2cfe80ef284fe43589ed75b

(this sample)

AgentTesla

Executable exe 5aaae83a4b166e0cb4a3a5841c6b92c39c66b2c8dabbe9e304c7865237c9ad5b

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 5aaae83a4b166e0cb4a3a5841c6b92c39c66b2c8dabbe9e304c7865237c9ad5b
  
Dropping
AgentTesla

Comments