MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2c7d8ca279aeeec6233817eb4d4dfef6a5f30717ad490af10dfcded2e5f7b394. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3



SHA256 hash: 2c7d8ca279aeeec6233817eb4d4dfef6a5f30717ad490af10dfcded2e5f7b394
SHA3-384 hash: 49ecd9c70ff5ed213ef9363f43a793a6f6f3aec91abb83a2e9df91ab529c064d2064eb3a9022028de218cd60310ad153
SHA1 hash: 373a5965400c1b17ef0cce8a2e6ab8630ec34331
MD5 hash: 515039c1bc628fb10a5215699be528ee
humanhash: magnesium-violet-happy-six
File name: phpn7cD9L
Signature: AgentTesla
File size: 599'629 bytes
First seen: 2020-07-08 07:15:04 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 12288:VY3nzkJaNr4hgQ75knE4DS4rEB5Ft56LMJ/EvJErdEhDFwWOG9PyoD/0GvUp6:VYXzkJaGhL75knfzYx584OJ4yDFb9PyY
TLSH: FBD423C784C792FC1CDBB792B9985BC1084CF534A30DFF32D5867942A32676AE9CA851
Reporter: abuse_ch
Tags: AgentTesla phpn7cD9L


abuse_ch
Malspam distributing unidentified malware:

HELO: exploresystem-premium.nh-serv.co.uk
Sending IP: 93.114.87.85
From: Tian <enquiries@vinta.com.sg>
Subject: PO#87324-紧急
Attachment: phpn7cD9L (contains "PO#87324.scr")

Intelligence


File Origin
# of uploads: 1
# of downloads: 85
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Spyware.Negasteal
Status: Malicious
First seen: 2020-07-08 07:16:14 UTC
AV detection: 16 of 29 (55.17%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 2c7d8ca279aeeec6233817eb4d4dfef6a5f30717ad490af10dfcded2e5f7b394 (this sample)

Delivery method: Distributed via e-mail attachment
