MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f34136d8d667554a5d85cccab25c62815cb126797b34e4495c702e25c3f7f659. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: f34136d8d667554a5d85cccab25c62815cb126797b34e4495c702e25c3f7f659
SHA3-384 hash: cad4c0a742e4c65f4e5366027d9b36c2c240fafa7e18965a08047a2167b0377e9a479b6fe31c1556892d113042412c23
SHA1 hash: 8881ca93827268504e9ea33d19b4b7c939fdc2c8
MD5 hash: bd99da40822144208341f960e5989a4f
humanhash: west-stairway-friend-romeo
File name: P Order300620_jpg.zip
Signature: AgentTesla
File size: 391'287 bytes
First seen: 2020-06-30 08:46:40 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:jryLztun6MZ3W4kFgqYRFZaVRhkM8cqk/WwpKnVuVGft92PRrJkX0mW5nUp6VxFU:jAuNGYEV/5t0OGftkJkXDanUp6PFyN4k
TLSH: 018423EFB85A2F647D03473F4036924B0948CE3158F71BFE76C5E0992E9B1C29851E66
Reporter: @abuse_ch
Tags: AgentTesla, zip


Twitter (@abuse_ch):
Malspam distributing AgentTesla:

HELO: regular1.263xmail.com
Sending IP: 211.150.70.206
From: Sales <chenxinjian@wison.com>
Subject: New order(urgent)
Attachment: P Order300620_jpg.zip (contains "P Order300620_jpg.exe")

AgentTesla SMTP exfil server:
mail.skysponder.com:587

Intelligence


Mail intelligence
Trap location: Global
Impact: Low
# of uploads: 1
# of downloads: 27
Origin country: FR

ClamAV: SecuriteInfo.com.Generic-EXE.UNOFFICIAL
CERT.PL MWDB Detection: n/a
Link: https://mwdb.cert.pl/sample/f34136d8d667554a5d85cccab25c62815cb126797b34e4495c702e25c3f7f659/
ReversingLabs Status: Malicious
Threat name: Win32.Trojan.Wacatac
First seen: 2020-06-30 08:48:07 UTC
AV detection: 6 of 48 (12.50%)
Threat level: 5/5
Spamhaus Hash Blocklist: Malicious file
VirusTotal: No data

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
AgentTesla
zip f34136d8d667554a5d85cccab25c62815cb126797b34e4495c702e25c3f7f659 (this sample)
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment

Comments