MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 be946c6d4365f8e72d35a51bccf30cbab9c95ab8cbf6369f89097ffa20a34680. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: be946c6d4365f8e72d35a51bccf30cbab9c95ab8cbf6369f89097ffa20a34680
SHA3-384 hash: 786718889bd7585c34ad2a8da43df18b81f0ac33413d392d2f237e97f1c4c35ee6acf7922a20f35c69f344edc03ef699
SHA1 hash: c14008fea357ef19fac3f22a19d3a11386c0178a
MD5 hash: 93ad89e5ebeb6e369f3e5b38b23b1221
humanhash: batman-dakota-apart-equal
File name:LISTA DE INQUÉRITOS.PDF.7Z
Download: download sample
Signature AgentTesla
Create hunting rule
File size:429'139 bytes
First seen:2020-06-24 08:30:40 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:9w/YTS/uyJD5AkJsyg2eMVa0NMawdh/izldrT4v7:96YTS/uYekJsy9eMw0NMaYdizld67
TLSH 4A942374E127288E1DCB21B95895CDA372C4B2E762A239D25F81F7FA53E14130D87ADC
Reporter abuse_ch
Tags:7z AgentTesla


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: nxcloud.nslfire.co.uk
Sending IP: 77.68.84.130
From: DYNASTY INTERNATIONAL TRADE CO.LTD <DYNASTY-INT@hotmail.com>
Subject: LISTA DE PEDIDOS PARA NOVA ORDEM
Attachment: LISTA DE INQUÉRITOS.PDF.7Z (contains "PGWOugNaxyiVRoa.exe")

AgentTesla SMTP exfil server:
mail.mueblesdetiendas.com.mx:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
74
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.MSIL.Kryptik.VFR-1.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/be946c6d4365f8e72d35a51bccf30cbab9c95ab8cbf6369f89097ffa20a34680/
Threat name:
ByteCode-MSIL.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-06-24 08:32:05 UTC
AV detection:
26 of 48 (54.17%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=x2kgy3kdmx4ooljvuun4z4ymxk44swvyzp3dnh4jbf77uifdi2aa._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip be946c6d4365f8e72d35a51bccf30cbab9c95ab8cbf6369f89097ffa20a34680

(this sample)

AgentTesla

Executable exe 69e1a15be2f6adc6268ec617568b3d2725122eb8d34873c23a7117b24e8b6854

  
Dropping
MD5 30d5412b432db53cb0d77d8a286753b2
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 69e1a15be2f6adc6268ec617568b3d2725122eb8d34873c23a7117b24e8b6854

Comments