MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cfdda50bf1c59d9967e7e2e3a126c2396f30f10284be7a68b36a52706ceba8a5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 5



SHA256 hash: cfdda50bf1c59d9967e7e2e3a126c2396f30f10284be7a68b36a52706ceba8a5
SHA3-384 hash: c680d4d794e2bdf2746715ce3eee3ce3df5f81b8d63d1a6cb31f6eac6eaf8bc1bc70cb475c4e29cc1950bdf7f1e8619e
SHA1 hash: 78d7cb97290df00c5c2acf04cc0771cba5a16015
MD5 hash: 4e8a7a75b520d5fc6456a286a9ddc1a7
humanhash: mirror-yellow-mars-kilo
File name: Shipping Docs INVOICE+PACKINGLIST+BILLOFLADING THS0094587.rar
Signature: AgentTesla
File size: 594'240 bytes
First seen: 2021-02-16 16:57:32 UTC
Last seen: 2021-02-17 07:17:33 UTC
File type: rar
MIME type: application/x-rar
ssdeep: 12288:/0Ky7P1nWdIAQ1TdKd7FC0wE0TmkX7G5Ro5gQ2qr:/0NxnAqdKC7Tp7qsga
TLSH: DAC423AD6B6B4C7683BBE92F2E856C302C59B0BF560F5E70560D8BC423B75F19E19090
Reporter: cocaman
Tags: AgentTesla rar


cocaman
Malicious email (T1566.001)
From: ""Jenny Lam" <export02@sixgigasolution.live>" (likely spoofed)
Received: "from box.sixgigasolution.live (box.sixgigasolution.live [188.166.121.245]) "
Date: "16 Feb 2021 09:03:00 -0800"
Subject: "Shipping Docs//INV/PL/THS0094587"
Attachment: "Shipping Docs INVOICE+PACKINGLIST+BILLOFLADING THS0094587.rar"

Intelligence


File Origin
# of uploads: 4
# of downloads: 125
Origin country: n/a

Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2021-02-16 16:58:06 UTC
File Type: Binary (Archive)
Extracted files: 78
AV detection: 14 of 44 (31.82%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar cfdda50bf1c59d9967e7e2e3a126c2396f30f10284be7a68b36a52706ceba8a5

(this sample)

  
Delivery method: Distributed via e-mail attachment
Dropping: AgentTesla
