MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cd890b3b8d2be8ba19b3fa347622e4f628984938dabec2926d1b22424d3d8cc1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 5



SHA256 hash: cd890b3b8d2be8ba19b3fa347622e4f628984938dabec2926d1b22424d3d8cc1
SHA3-384 hash: 99f24bf63b18379869750598ab5c0f1095c1fa3511cff3f24830d00176f0d3c8f0caed65046b9b6cfb3008e639fc1579
SHA1 hash: be9f0810e7b6e99fbae73dc1e15107355dd5755d
MD5 hash: bdf3b08d3b7d4ec80598264dcc35d9f7
humanhash: magnesium-carpet-william-comet
File name: QAOTATION.r13.exe
Signature: AgentTesla
File size: 376'832 bytes
First seen: 2020-11-07 10:27:04 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 3c71e8f02dc3eee71c99d7c46768840f (4 x AgentTesla, 3 x Formbook)
ssdeep: 6144:zHX7q20wZiDh+m7APvvGmjxFJ3MXWSkV3Jfb2q1vyV7TmaXAuhr9MSAPVSj9orgz:zHX7z0wXmcLJ8XA5fxa7TmO5tAPVSj9n
Threatray: 14 similar samples on MalwareBazaar
TLSH: E984F13539C0C073E4A729340670DBB14E3EFA702F65589FA391177AAF743C2962996B
Reporter: abuse_ch
Tags: AgentTesla exe


abuse_ch
Malspam distributing unidentified malware:

HELO: safasteel.com
Sending IP: 185.136.170.140
From: sales@safasteel.com
Subject: QAOTATION
Attachment: QAOTATION.r13.exe

Intelligence


File Origin
# of uploads: 1
# of downloads: 88
Origin country: n/a
Vendor Threat Intelligence

Result
Verdict: Malware
Maliciousness:

Behaviour
Sending a UDP request
Launching the default Windows debugger (dwwin.exe)
Unauthorized injection to a system process

Result
Verdict: MALICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result
Threat name: AgentTesla
Detection: malicious
Classification: troj
Score: 68 / 100
Signature
Antivirus / Scanner detection for submitted sample
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Yara detected AgentTesla
Behaviour
Behavior Graph ID: 311002; Sample: QAOTATION.r13.exe; Start date: 07/11/2020; Architecture: WINDOWS; Score: 68
Graph signatures: Antivirus / Scanner detection for submitted sample; Multi AV Scanner detection for submitted file; Yara detected AgentTesla; Machine Learning detection for sample
Processes: QAOTATION.r13.exe started, which in turn started WerFault.exe, conhost.exe and MSBuild.exe
DNS/IP: 192.168.2.1 (unknown) contacted by WerFault.exe

Result
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2020-11-06 20:57:19 UTC
AV detection: 26 of 29 (89.66%)
Threat level: 5/5

Result
Malware family: n/a
Score: 1/10
Tags: n/a
Unpacked files
SHA256 hash: 8c3f53a4cadb6ab150cfe8854fb57ec7445794c732713a0d38922ea3414426d8
MD5 hash: 0a3028b559e33541af2049a6229ea6b5
SHA1 hash: 348988911b788bac14790c4a586ee79d5f22fdc6
SHA256 hash: cd890b3b8d2be8ba19b3fa347622e4f628984938dabec2926d1b22424d3d8cc1
MD5 hash: bdf3b08d3b7d4ec80598264dcc35d9f7
SHA1 hash: be9f0810e7b6e99fbae73dc1e15107355dd5755d
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
AgentTesla
Executable exe cd890b3b8d2be8ba19b3fa347622e4f628984938dabec2926d1b22424d3d8cc1 (this sample)

Delivery method: Distributed via e-mail attachment

Comments