MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1a5507078f5ea28189135c246e0b7b67aa32c4f2197e807e958af1608d7082bf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3



SHA256 hash: 1a5507078f5ea28189135c246e0b7b67aa32c4f2197e807e958af1608d7082bf
SHA3-384 hash: 4c2969c19f9c1ba245975be548c61714180d2b56db1cced58c65d2e9ff83c0f550f90aeaad0378c7e78fb837cc6141b7
SHA1 hash: 08136fb487efee278489f90f578e6996f36f10be
MD5 hash: e902468f696169d5bb227961cbca2781
humanhash: rugby-nine-earth-foxtrot
File name: Covid-19 Interception Plans.7z
Signature: AgentTesla
File size: 409'434 bytes
First seen: 2020-04-09 18:16:20 UTC
Last seen: Never
File type: 7z
MIME type: application/x-rar
ssdeep: 6144:KY3Ce1HPVHd5r32pnrjj7wnXxDFvC5SDPnB1OBeI0us2fmVRuYHY+y+uSvTZs:KFeRpvyjUnB9CiHOE5usa2uYHYn+vls
TLSH: F394236ED404E1E1C2CDD7EADCDF6C0A07A3969FE16363078DEC56BA4E66871A10318C
Reporter: abuse_ch
Tags: 7z AgentTesla COVID-19


abuse_ch
COVID-19-themed malspam distributing AgentTesla:

HELO: cetinturkbilgisayar.com
Sending IP: 213.142.138.118
From: Rafia Iqbal <rafia.iqbal@bankfab.com>
Subject: Covid-19 Interception Plans
Attachment: Covid-19 Interception Plans.7z (contains "Covid-19 Interception Plans.bat")

AgentTesla SMTP exfil server:
mail.cotodelvalle.com:587 (195.248.230.192)

Intelligence


File Origin
# of uploads: 1
# of downloads: 88
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Noon
Status: Malicious
First seen: 2020-04-09 18:35:45 UTC
File Type: Binary (Archive)
Extracted files: 8
AV detection: 25 of 45 (55.56%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

7z 1a5507078f5ea28189135c246e0b7b67aa32c4f2197e807e958af1608d7082bf (this sample)

Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
