MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 932ca48307370d1019ade8c5f9312d6f96f7d565715f48f4a4c35a045702cef2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 932ca48307370d1019ade8c5f9312d6f96f7d565715f48f4a4c35a045702cef2
SHA3-384 hash: edc1be741513bf6acd1c79acf0e636e66440e080d7089eb30ed27a34412c4c7a3f638ee8ffb24474714556670f3c7c86
SHA1 hash: 0a23493703fc700e6893c2348fa9bb155ab5ccee
MD5 hash: 5ba8b1ee47b934c42ff521dc3c47da79
humanhash: quebec-beer-fifteen-friend
File name:RFQ TRQ22-06-20200051_pdf.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:235'842 bytes
First seen:2020-07-05 10:03:53 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:tIHkuOQldb30aYLIm+pei1ukOcu3NpisjAhnzRpBZLpKMK:UROIAaYLImM1vOH7AnzjfL8b
TLSH 2E3412C92FFEEA5DB50EF5814471004AB271CA2C0305F627033B451BFE6A676A57DAB2
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: [109.169.89.116]
Sending IP: 109.169.89.116
From: Stefania Pitta < lnfo@lenz-schmierstoffe.de>
Subject: RFQ: TRQ22-06-20200051(Closing Date: 9th JULY 2020)
Attachment: RFQ TRQ22-06-20200051_pdf.zip (contains "RFQ TRQ22-06-20200051_pdf.exe")

AgentTesla SMTP exfil server:
cpanel.skyhost.ru:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
84
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Generic-EXE.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.25815.ZipHeur.BadExt.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/932ca48307370d1019ade8c5f9312d6f96f7d565715f48f4a4c35a045702cef2/
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-07-05 10:05:05 UTC
AV detection:
8 of 48 (16.67%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=smwkjayhg4gragnn5dc7smjnn6lppvlfofpur5feynnaivycz3za._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 932ca48307370d1019ade8c5f9312d6f96f7d565715f48f4a4c35a045702cef2

(this sample)

AgentTesla

Executable exe d69aa1932b2e702e5065ee19da9fc9cf2b05e7dbaa617141b14eaa501a14955e

  
Dropping
MD5 154aa4440eee43b6472416eeb938f9e8
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 d69aa1932b2e702e5065ee19da9fc9cf2b05e7dbaa617141b14eaa501a14955e

Comments