MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b8a804a0654419bbf625f782c66ed5663dcfdf8940194cce7f16d498e15ba083. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 4



SHA256 hash: b8a804a0654419bbf625f782c66ed5663dcfdf8940194cce7f16d498e15ba083
SHA3-384 hash: 3ed0e7d650ebf2e8ef2b2ace708365a868ac6c19ab1c9f522d1087272b0877cbc3c5f221f8b7b28d06fa1247b0679f4d
SHA1 hash: 437bad397d158158bb59979e67fe316ccf3d0fdd
MD5 hash: 1dca417648fc70622e0f20869b80c8db
humanhash: earth-rugby-magazine-romeo
File name: AST-DRAWINGS.IMG.rar
Signature: AgentTesla
File size: 383'593 bytes
First seen: 2020-08-18 13:22:47 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 6144:eZZhvVwbzPHla2tawoUyQKcwq8sH1/krEF8ev2m2qhbtqHfGt1TtskEQMzjzj/FO:8yPHptaiKrFrEF8evo4JgGt1TOkEQMjw
TLSH: 58842371F811A708AEFC1022FF353130B63F08B3D5AB3B20D13BB916519A4596BA587D
Reporter: abuse_ch
Tags: AgentTesla rar


abuse_ch
Malspam distributing unidentified malware:

HELO: smtp16.dnsxperta.com
Sending IP: 217.13.93.131
From: Connie, Sacking <connie@amidas-sec.com>
Subject: FYI
Attachment: AST-DRAWINGS.IMG.rar (contains "AST-DRAWINGS.scr")

Intelligence


File Origin
# of uploads: 1
# of downloads: 67
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Wacatac
Status: Malicious
First seen: 2020-08-18 13:24:12 UTC
AV detection: 12 of 48 (25.00%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar b8a804a0654419bbf625f782c66ed5663dcfdf8940194cce7f16d498e15ba083

(this sample)

  
Delivery method: Distributed via e-mail attachment
