MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 aea826c6b954598f3b08c5b6e261d969da6d17ab8f9ad151ab57d0990dd8f756. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: aea826c6b954598f3b08c5b6e261d969da6d17ab8f9ad151ab57d0990dd8f756
SHA3-384 hash: f250b859c0d3edfb5ae54bd8d3ae8e16cfd0089ba73418e070315638d1d235ea1bc7ed14756235009339a53b979dfc21
SHA1 hash: 6070f73a902a97d5f6f9142b85d3fc611a557b7b
MD5 hash: eb511408f0408134630754070f6d4c28
humanhash: texas-kitten-north-september
File name:PO8776504343订购.bz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:446'064 bytes
First seen:2020-12-28 07:57:09 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:ifSZsVK1J3y2Xb8EH0hhXognXFNejMYuP40M2hpNShcNrb:gEBJi2Xbb0bognXOwYuPw2hfEcN/
TLSH B294231B8D2B38C3332E6B53BBDE1DC1842122B243DE0AE7F79DF44D6A4D96D2556844
Reporter abuse_ch
Tags:bz


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: mail.californiafinco.org
Sending IP: 111.90.146.142
From: Zhu Feng <kdamien@interpacc.com.au>
Subject: PO
Attachment: PO8776504343订购.bz (contains "PO8776504343订购.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
427
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/aea826c6b954598f3b08c5b6e261d969da6d17ab8f9ad151ab57d0990dd8f756/
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-12-28 02:50:24 UTC
AV detection:
12 of 48 (25.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=v2ucnrvzkrmy6oyiyw3oeyoznhng2f5lr6nncunlk7ijsdoy65la._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/aea826c6b954598f3b08c5b6e261d969da6d17ab8f9ad151ab57d0990dd8f756

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar aea826c6b954598f3b08c5b6e261d969da6d17ab8f9ad151ab57d0990dd8f756

(this sample)

AgentTesla

Executable exe 05bf19658e01f71db84080366721ac104481bd944e739802f7e46bdb8b210efa

  
Dropping
MD5 21ab2b20d3d2847c1744aef5ee5914fb
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 05bf19658e01f71db84080366721ac104481bd944e739802f7e46bdb8b210efa

Comments