MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b5d66e7427b8bae9a995971eae10cf47c442b9e58b5bde79610ebe18818bf064. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 4



SHA256 hash: b5d66e7427b8bae9a995971eae10cf47c442b9e58b5bde79610ebe18818bf064
SHA3-384 hash: 6642340cb0b7f7603a9098431c50808915e9e8f1823ca548c69e6928242cf39a7a637c8751e0ed1301a61ab9163a7738
SHA1 hash: b67c3087550c66e0493f69277a07300cd7ec87ac
MD5 hash: 35c596e98c7cc5d5c89a8f25bba2cfdf
humanhash: quebec-march-pasta-grey
File name: Air-Shipment.gz
Signature: AgentTesla
File size: 494'930 bytes
First seen: 2020-11-16 15:38:24 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 12288:36/ydH/AXqyT4cE28M3L43Dkn4s/HAUz7kg:3NlAXqyEcPdAmnkg
TLSH: 50B4237C687B34DAACC8C36696042762307FB7366E8F9A57D879673C8C5AC84D0F1468
Reporter: cocaman
Tags: gz


cocaman
Malicious email (T1566.001)
From: "Vivanco Ranadive <vivanco.ranadive@sunskyonline.com>" (likely spoofed)
Received: "from host.computerrentalsonline.com (host.computerrentalsonline.com [67.227.188.122]) "
Date: "Mon, 16 Nov 2020 10:06:57 -0500"
Subject: "Air-Shipment Booking for Sun Sky online"
Attachment: "Air-Shipment.gz"

Intelligence


File Origin
# of uploads: 1
# of downloads: 69
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: SUSPICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2020-11-16 13:57:48 UTC
File Type: Binary (Archive)
Extracted files: 6
AV detection: 4 of 48 (8.33%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.
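The vendor detail above (a PE binary found inside a gzip archive) and the digest set listed under the database entry (MD5, SHA1, SHA256, SHA3-384) are both things an analyst reproduces locally before trusting a portal verdict. The following Python script is an added example, not code from MalwareBazaar or the reporter: it decompresses a .gz attachment with a hard size cap (gzip input can expand far beyond its on-disk size), checks whether the payload starts with an MZ header whose e_lfanew points at a "PE\0\0" signature, and hashes both the archive and the extracted payload. The gzip blob and the minimal PE-shaped bytes are constructed inside the script; the real Air-Shipment.gz is not reproduced, so the digests it prints will not match the ones on this page.

```python
import gzip
import hashlib
import struct
import zlib

MAX_DECOMPRESSED = 50 * 1024 * 1024  # cap on extracted bytes; defends against decompression bombs


def build_fake_pe() -> bytes:
    """Constructed stand-in payload: the smallest byte layout the PE check below
    recognises. It is not executable and not real malware."""
    dos_header = bytearray(64)
    dos_header[0:2] = b"MZ"
    struct.pack_into("<I", dos_header, 60, 64)  # e_lfanew: PE signature lives at offset 64
    pe_header = b"PE\x00\x00" + struct.pack("<H", 0x014C)  # IMAGE_FILE_MACHINE_I386
    return bytes(dos_header) + pe_header + b"\x00" * 64


def gunzip_bounded(blob: bytes, limit: int = MAX_DECOMPRESSED) -> bytes:
    """Inflate a gzip stream but refuse to produce more than `limit` bytes."""
    d = zlib.decompressobj(wbits=zlib.MAX_WBITS | 16)  # +16 selects gzip framing
    out = d.decompress(blob, limit + 1)  # ask for one byte over the cap to detect overflow
    if len(out) > limit or d.unconsumed_tail:
        raise ValueError("decompressed size exceeds limit")
    return out


def within_limit(blob: bytes, limit: int) -> bool:
    """True if the archive inflates to at most `limit` bytes, False otherwise."""
    try:
        gunzip_bounded(blob, limit)
        return True
    except (ValueError, zlib.error):
        return False


def looks_like_pe(data: bytes) -> bool:
    """MZ stub plus a PE signature at e_lfanew; enough to flag 'PE inside archive'."""
    if len(data) < 64 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 60)[0]
    if e_lfanew + 4 > len(data):
        return False
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def digests(data: bytes) -> dict:
    """Same digest set MalwareBazaar lists for an entry."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def triage_gz_attachment(blob: bytes) -> dict:
    """Hash the archive, inflate it safely, hash the payload and check for a PE header."""
    report = {"archive": digests(blob), "is_gzip": blob[:2] == b"\x1f\x8b"}
    if not report["is_gzip"]:
        report["verdict"] = "not gzip"
        return report
    try:
        inner = gunzip_bounded(blob)
    except (ValueError, zlib.error) as exc:
        report["verdict"] = f"undecompressable: {exc}"
        return report
    report["inner"] = digests(inner)
    report["inner_size"] = len(inner)
    report["inner_is_pe"] = looks_like_pe(inner)
    report["verdict"] = (
        "SUSPICIOUS: PE inside gzip attachment" if report["inner_is_pe"] else "no PE found"
    )
    return report


# Constructed inputs (mtime=0 keeps the archive bytes, and thus its hashes, reproducible).
SAMPLE_GZ = gzip.compress(build_fake_pe(), mtime=0)       # stand-in for Air-Shipment.gz
BOMB_GZ = gzip.compress(b"\x00" * 4096, mtime=0)          # small archive, larger payload

if __name__ == "__main__":
    report = triage_gz_attachment(SAMPLE_GZ)
    print(report["verdict"])
    print("archive sha256:", report["archive"]["sha256"])
    print("payload sha256:", report["inner"]["sha256"])
    print("bomb within 100 bytes?", within_limit(BOMB_GZ, 100))
```

Hash the archive and the extracted payload separately: the portal's SHA256 above is for the .gz container, and the hash a sandbox or AV report gives for the dropped executable is for the inner file, so an IOC match on one will not match the other.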

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
AgentTesla
gz b5d66e7427b8bae9a995971eae10cf47c442b9e58b5bde79610ebe18818bf064 (this sample)
Delivery method: Distributed via e-mail attachment

Comments