MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9e5f526023099eb798f2cee4ac4f61546b4ec55124cd5e33c6de82c1b3fe1b5c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9e5f526023099eb798f2cee4ac4f61546b4ec55124cd5e33c6de82c1b3fe1b5c
SHA3-384 hash: 8e934dbe75e13f51ec4b1beefddfad2c57f7d1057e6a43b810f265f261a464b7f997ac30bd5fe25c5c11a0c3f7ee5591
SHA1 hash: 26ce5be7e23799a8602aa12901308bfaaac8b3a7
MD5 hash: 9050ae83496cfc5fb05673eb8b28cad3
humanhash: virginia-music-double-fruit
File name:Payment Advice_pdf.gz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:690'659 bytes
First seen:2020-08-18 10:08:50 UTC
Last seen:2020-08-18 10:10:46 UTC
File type: gz
MIME type:application/gzip
ssdeep 12288:UA2SNZ4MbXwLNK1XKz3tWfBZofGjixY7OYPD6bAmSnTfKm6D69nc:UAxN6V9TtWrXNZ6E5W5
TLSH 4CE423F5264184199C66993C2939BEC3460ADAE0F9E2CCD5DDAE78C5C3279EF523C604
Reporter abuse_ch
Tags:AgentTesla gz


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mail.ptjlg.co.id
Sending IP: 103.253.68.52
From: Cash management Dept. <cash.management@boa.com>
Subject: Global Payments and Cash Management
Attachment: Payment Advice_pdf.gz (contains "Payment Advice_pdf.exe")

AgentTesla SMTP exfil server:
mail.mahandor.com:587

Intelligence

File Origin
# of uploads :
3
# of downloads :
60
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27383.GZipHeur.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/9e5f526023099eb798f2cee4ac4f61546b4ec55124cd5e33c6de82c1b3fe1b5c/
Threat name:
ByteCode-MSIL.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-08-18 10:10:04 UTC
AV detection:
22 of 48 (45.83%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=tzpveybdbgplpghsz3skyt3bkrvu5rkretgv4m6g32bmdm76dnoa._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz 9e5f526023099eb798f2cee4ac4f61546b4ec55124cd5e33c6de82c1b3fe1b5c

(this sample)

AgentTesla

Executable exe 68fc1b87f19de1765e5dab39ebabef62e2acf44a61942918016dad9513e8b910

  
Dropping
MD5 acdf61b83e2097c02aa579b8ca83d26b
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 68fc1b87f19de1765e5dab39ebabef62e2acf44a61942918016dad9513e8b910

Comments