MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a22ce294b401ba348133460ba9716e7965ed87e68e36f377e5212612f801357b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 4



SHA256 hash: a22ce294b401ba348133460ba9716e7965ed87e68e36f377e5212612f801357b
SHA3-384 hash: df05f7150f46c3bc63cba1150983a08eaedfef2273ee455b0f1df9f6dcba28adb3b1ae159d3a4dc1bb96d4ca45173efc
SHA1 hash: 622a6e015e2e23c0247688e175990962583134db
MD5 hash: 32a229e65334a95986beb7b2c8492938
humanhash: seventeen-december-stream-five
File name: Factura de clients_0010002346.rar
Signature: AgentTesla
File size: 585'247 bytes
First seen: 2020-10-05 11:46:47 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:bDlNdxe+CPdibg9osc1xvuAHNZijq29SdNfwkzePq:HdM/dleuAti/ozfnePq
TLSH: 37C423656896FE43C8D0349C85A86A3A5AE941B28CFEB1FB203DB5541EF170F4DB3609
Reporter: abuse_ch
Tags: AgentTesla rar


abuse_ch
Malspam distributing AgentTesla:

HELO: terregroup.pw
Sending IP: 64.225.98.54
From: Administracion <contact@terregroup.pw>
Reply-To: duldi@duldi.com
Subject: Factura de Clients
Attachment: Factura de clients_0010002346.rar (contains "Factura de clients_0010002346.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 87
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2020-10-05 07:03:43 UTC
AV detection: 5 of 47 (10.64%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip a22ce294b401ba348133460ba9716e7965ed87e68e36f377e5212612f801357b (this sample)

Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
Comments