MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cd0bc188c3dc9db6dfe172f741057a0b125fc5929c918e5bf6da9db4f25a5965. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 3



SHA256 hash: cd0bc188c3dc9db6dfe172f741057a0b125fc5929c918e5bf6da9db4f25a5965
SHA3-384 hash: 1fcc2b4c36ba74a37f2739b21c1597f365b72520bbe8659f7126029b6152195d0a695c1df0c631aece91bc1c368dc824
SHA1 hash: fed2b51488c9991b815d2a23bcd53ccbc1bce8b5
MD5 hash: ef23576ed90e4d18cd3a63bb25a61cd6
humanhash: robin-missouri-seven-monkey
File name: payment_copy.zip
Signature: AgentTesla
File size: 505'093 bytes
First seen: 2020-06-04 09:10:17 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:Sti1Prit+ApkT0CZKE+9W/Y32pAIao3xooe/T8iMSpN:HqPk4CAWo2pl332oe/QiMSpN
TLSH: D3B42375892C82EC48E2079DA3B90B7C98569F4538494EF9C1E7ED8E67DBD8F041930E
Reporter: abuse_ch
Tags: AgentTesla zip


abuse_ch
Malspam distributing AgentTesla:

HELO: webmail.belflax.pt
Sending IP: 85.204.116.188
From: le@astonic.site
Subject: Payment Confirmation
Attachment: payment_copy.zip (contains "payment_copy.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 65
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Wacatac
Status: Malicious
First seen: 2020-06-04 09:36:36 UTC
AV detection: 23 of 48 (47.92%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
AgentTesla
zip cd0bc188c3dc9db6dfe172f741057a0b125fc5929c918e5bf6da9db4f25a5965 (this sample)
Dropping AgentTesla
Delivery method: Distributed via e-mail attachment

Comments