MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c1faff57e041b52c6dc2a251eb60521621fc796330169d4e5b04a6e84cf49bf2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c1faff57e041b52c6dc2a251eb60521621fc796330169d4e5b04a6e84cf49bf2
SHA3-384 hash: 97f9bfecb61af0c1257b75ba96decdcb36a00c3ad4e3d8c46516ffe36915a909a1c1e57736825e74d175be0c6b46184f
SHA1 hash: da61793b805a60d6958725b7817e611e1e16d17f
MD5 hash: 83b084e31d22420172b512c13d85fb29
humanhash: papa-moon-delta-saturn
File name:Designs _Invoice_logo_me_Pictures_pdf.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:3'029'435 bytes
First seen:2020-08-31 09:26:28 UTC
Last seen:2020-08-31 10:49:09 UTC
File type: zip
MIME type:application/zip
ssdeep 49152:UPACdy094tPQP4lpFUJtTLtPbn8blKsfiuH9hvNjp299g5LPEimeEILuPHaagAiY:KACd4IPoFOtBb6lKg7vNjpgghEimvIL8
TLSH F7E533BE70694AAD914F002B5928921720CA0F2A33FFD7574DAD02A73FD97D9683861D
Reporter abuse_ch
Tags:AveMariaRAT RAT Yahoo zip


Avatar
abuse_ch
Malspam distributing AveMariaRAT:

HELO: sonic307-7.consmr.mail.ir2.yahoo.com
Sending IP: 87.248.110.32
From: mobili sarl <sabrinahamper3@yahoo.com>
Reply-To: sabrinahamper3@yahoo.com
Subject: Re: INDUSTRIAL ORDER
Attachment: Designs _Invoice_logo_me_Pictures_pdf.zip (contains "Invoices12032018 pdf pdf pdf pdf.exe")

AveMariaRAT C2:
216.170.119.24:5200

Intelligence

File Origin
# of uploads :
4
# of downloads :
75
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Generic.mg.adba8eb89fb39495.11401.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c1faff57e041b52c6dc2a251eb60521621fc796330169d4e5b04a6e84cf49bf2/
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-08-31 03:30:23 UTC
AV detection:
3 of 48 (6.25%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=yh5p6v7aig2sy3ocuji6wycscyq7y6ldgalj2ts3astoqthutpza._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/c1faff57e041b52c6dc2a251eb60521621fc796330169d4e5b04a6e84cf49bf2

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip c1faff57e041b52c6dc2a251eb60521621fc796330169d4e5b04a6e84cf49bf2

(this sample)

AveMariaRAT

Executable exe f0610807d973782048ad57275cdbb730da9974ea54f6de294f6e8ea82eca2d98

  
Dropping
MD5 adba8eb89fb39495c55c143d2e46b70e
  
Dropping
AveMariaRAT
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 f0610807d973782048ad57275cdbb730da9974ea54f6de294f6e8ea82eca2d98
  
Dropping
SHA256 d98b551ba123d7020b8bcc1835f0bbeb103e50d18a3d341771e1a05b1edfaf87
  
Dropping
MD5 f18c8bfd7050c5c9e3b5490eb056281c
  
Dropping
SHA256 f1c80232eaed26af259c818427b444f12057b9329804da8ded13ec9fd20d3413
  
Dropping
MD5 2ede82a76d48e1a1cf3d3c55b18db290
  
Dropping
SHA256 058edd37e76814c72e3b158791ec7ce2313550521bd522dba07d6c21903aee7b
  
Dropping
MD5 6fef3cbba153c0f075035ec92dfb6e9a

Comments