MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f7cdd7505949da998490f05372dd2ba5f6cee5f06933afb98828f06b647a67fa. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f7cdd7505949da998490f05372dd2ba5f6cee5f06933afb98828f06b647a67fa
SHA3-384 hash: 4e8a5e19d884f7e5eb5d42a6416ad9d521855e17d3906a3ff43a1b0e02cc6366a48b7740cae460c8c48641697f832649
SHA1 hash: 6334e14e577f75278fb1f8bac3436e4fda5e9b8d
MD5 hash: f3d989bc83df93e3f30955d857266874
humanhash: video-music-idaho-red
File name:AWB - 245224335464563 DHL.gz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:703'917 bytes
First seen:2021-02-02 06:49:46 UTC
Last seen:Never
File type: gz
MIME type:application/gzip
ssdeep 12288:povGfRFKcUO3D5WgdM0AC3NEt5NKuMAeyh/7/1el+bR1eiHaLZHpV5eIk6i4ex:V/zHMgaMN0mD6Nel2R1ei6LxpV5eI3ix
TLSH 2AE433786FE1309616F24DED4E7AD5000CA3DA0D052A628346EF7A87D9F7AF54D10AE2
Reporter cocaman
Tags:AgentTesla gz


Avatar
cocaman
Malicious email (T1566.001)
From: ""DHL EXPRESS SHIPPING"<sales@dry-chatering.com>" (likely spoofed)
Received: "from mail0.dry-chatering.com (mail0.dry-chatering.com [157.230.43.179]) "
Date: "Tue, 02 Feb 2021 06:42:55 +0100"
Subject: "AWB N0: 3029****6411 ready for pick-up"
Attachment: "AWB - 245224335464563 DHL.gz"

Intelligence

File Origin
# of uploads :
1
# of downloads :
86
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
MALICIOUS
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f7cdd7505949da998490f05372dd2ba5f6cee5f06933afb98828f06b647a67fa/
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2021-02-02 06:50:07 UTC
File Type:
Binary (Archive)
Extracted files:
17
AV detection:
9 of 45 (20.00%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=67g5ouczjhnjtbeq6bjxfxjlux3m5zpqnez27omifdygwzd2m75a._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/f7cdd7505949da998490f05372dd2ba5f6cee5f06933afb98828f06b647a67fa

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz f7cdd7505949da998490f05372dd2ba5f6cee5f06933afb98828f06b647a67fa

(this sample)

AgentTesla

Executable exe adaaf6179bb3c1a45960ea981c294881c56424c3d24680a25629c4deeec6d45c

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 adaaf6179bb3c1a45960ea981c294881c56424c3d24680a25629c4deeec6d45c
  
Dropping
AgentTesla

Comments