MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ed6422ef10e1914261e0063a71e1e24aff42ec3fd2be87f8c0ea90fd89a7e793. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3



SHA256 hash: ed6422ef10e1914261e0063a71e1e24aff42ec3fd2be87f8c0ea90fd89a7e793
SHA3-384 hash: a838462a3f887db37244ccf80f12ddb6b040f7d578de3d1b43e76d1b2e77642e7fa7383293825750e089d0590920b2aa
SHA1 hash: 7100bb3cf3f0b6ad8bf6878ff40b55a684945f20
MD5 hash: 15db61f2400bc84d11fa33652d2ab171
humanhash: iowa-maryland-louisiana-butter
File name: New Order.lzh
Signature: AgentTesla
File size: 240'885 bytes
First seen: 2020-07-05 07:27:14 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:OJeYKi40Y6RKz0NBjWBAxOfAYvHEgsXjWZ:dtfOXC7E5m
TLSH: 4E3423D0E9E4589CF1C85DB1F5DFAD1D73E10942DBCA93B0267BBA6B902359C023464B
Reporter: abuse_ch
Tags: AgentTesla lzh


abuse_ch
Malspam distributing AgentTesla:

HELO: oricore.com
Sending IP: 212.83.46.121
From: sales_5@oricore.com
Reply-To: sales_5@oricore.com
Subject: New Order
Attachment: New Order.lzh (contains "New Order.exe")

AgentTesla SMTP exfil server:
smtp.mail.ru:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 86
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Wacatac
Status: Malicious
First seen: 2020-07-05 07:29:03 UTC
AV detection: 22 of 48 (45.83%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip ed6422ef10e1914261e0063a71e1e24aff42ec3fd2be87f8c0ea90fd89a7e793 (this sample)
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
