MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9f2a37ffffb9b0d9582ec1e0f47eaa7f8c38a6182abf165ab48aaba0864ff336. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 4

SHA256 hash: 9f2a37ffffb9b0d9582ec1e0f47eaa7f8c38a6182abf165ab48aaba0864ff336
SHA3-384 hash: 9ecbefdecab026821b7023248d6bfe687062c7e33f3cc24810528bff3f1253ba59ab685587c797e3fbd9b966fb821f9c
SHA1 hash: b7a5f824834ff02cf71b95a3c492df67fbf37975
MD5 hash: 9383ab91a9be2b48dd45e448ffc77648
humanhash: gee-arizona-stairway-echo
File name: Payment copy SOA.zip
Signature: AgentTesla
File size: 523'892 bytes
First seen: 2020-10-08 17:48:34 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:7JitcIgOwypsYdmQIj5pUBzeokDRYtfuwO59DSjMKr:7JacIDwSdmQIj5pUwvRYEV+gKr
TLSH: 74B423EA82C3F39B86B93E2846D0765D51C5421D80721BBE9CC0B92C35DA0EADB4DD5B
Reporter: abuse_ch
Tags: AgentTesla zip


abuse_ch
Malspam distributing AgentTesla:

HELO: server1.citgroupltd.com
Sending IP: 213.246.108.82
From: Sales Pandisteel <sales@pandisteel.com>
Reply-To: sales@pandisteel.com
Subject: RE: RE: PAYMENT SOA AUG/JULY
Attachment: Payment copy SOA.zip (contains "Payment copy SOA.exe")

Intelligence

File Origin
# of uploads: 1
# of downloads: 117
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2020-10-08 16:27:56 UTC
AV detection: 18 of 47 (38.30%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  AgentTesla
  zip 9f2a37ffffb9b0d9582ec1e0f47eaa7f8c38a6182abf165ab48aaba0864ff336 (this sample)
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment

Comments