MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b362c535f3d43bfbb415a1ae4c2d59d93e34a250fc451e441c8211e9a725a344. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b362c535f3d43bfbb415a1ae4c2d59d93e34a250fc451e441c8211e9a725a344
SHA3-384 hash: ae18eca29efd520971a77968e4a9e9f9a75e0c1a59d619c3f9cf48ce29e2e453013a4987c226bc5a310cbe6a505395d1
SHA1 hash: 55c2376bde3e7d5f89d6798bc9af4dae00dbe891
MD5 hash: a72ed6db53d4b53f0b7ca00203693fdd
humanhash: single-freddie-bulldog-alaska
File name:98650107.img
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'245'184 bytes
First seen:2020-11-26 06:45:38 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 6144:lG9srNUcK26/DgHI50asAexqsrDgzXXzLrd2g+GXxN5ZGIx4jwE:wWaLp/DgHjjxzgDXzh
TLSH 2E454A8567502F2CFA1F0F36DC502E64106FAF967D99F3CE69947C027B726E0A921943
Reporter abuse_ch
Tags:AgentTesla img


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mail.indofarm.in
Sending IP: 104.237.51.71
From: Kristina Rosalia <k.gacova@svemek.mk>
Subject: Re: Re: Re: Overdue Proforma Invoice
Attachment: 98650107.img (contains "98650107.pdf.exe")

AgentTesla SMTP exfil server:
mail.orisinlog.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
139
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
MALICIOUS
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b362c535f3d43bfbb415a1ae4c2d59d93e34a250fc451e441c8211e9a725a344/
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-11-26 06:46:05 UTC
AV detection:
4 of 45 (8.89%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=wnrmknpt2q57xnavugxeylkz3e7djisq7rcr4ra4qii6tjzfunca._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

img b362c535f3d43bfbb415a1ae4c2d59d93e34a250fc451e441c8211e9a725a344

(this sample)

AgentTesla

Executable exe 9fd1365171b6855e5859a522a4642ae8c558e26ac2792a11b19a6a0ed8361c7b

  
Dropping
MD5 f59da0e1d30df4e697a8fd4e2a9d4837
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 9fd1365171b6855e5859a522a4642ae8c558e26ac2792a11b19a6a0ed8361c7b

Comments