MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5e4f7b0759cc80f2de603b61268df360569455658b3326fccee5bbe1c2b2f43d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5e4f7b0759cc80f2de603b61268df360569455658b3326fccee5bbe1c2b2f43d
SHA3-384 hash: 361b8b2b864c634f392087f0b1ff7dca459c72204f3e89729c2f69a9031492b1248fae245df452c8c4ba0bfa6b151b80
SHA1 hash: af421114ed008659617842e381556f3ef8bcf943
MD5 hash: c55e9c71e71d07ce1902a6d0b7568611
humanhash: mike-tennis-mockingbird-six
File name:Transfer de copie 07_02_2020.7z
Download: download sample
Signature AgentTesla
Create hunting rule
File size:349'674 bytes
First seen:2020-07-02 12:21:31 UTC
Last seen:Never
File type: 7z
MIME type:application/x-rar
ssdeep 6144:/tA949RLni0gRTL15wHjzQlpO5NIp/zjQ/ehnkFhXpTsw+GzUbX8yLwYAKx:S949ROLfajwtXnYn3+GIMCwYlx
TLSH 937423859ACB8A9996DE1EA29D81D3D9C3C9E2F587F3E72CF53383B0515716A0C6090C
Reporter abuse_ch
Tags:7z AgentTesla


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mail.gigasistem.ro
Sending IP: 89.47.53.190
From: Irina Schrotter <irinaschrotter@gmail.com>
Subject: Transfer de copie 07_02_2020
Attachment: Transfer de copie 07_02_2020.7z (contains "Transfer de copie 07_02_2020.exe")

AgentTesla SMTP exfil server:
mail.protege.com.mx:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
78
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/5e4f7b0759cc80f2de603b61268df360569455658b3326fccee5bbe1c2b2f43d/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-07-02 12:23:07 UTC
AV detection:
17 of 29 (58.62%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=lzhxwb2zzsapfxtahnqsndptmbljivlfrmzsn7go4w56dqvs6q6q._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

7z 5e4f7b0759cc80f2de603b61268df360569455658b3326fccee5bbe1c2b2f43d

(this sample)

AgentTesla

Executable exe d3391e9c475243663aa77b0c4f57e482cf6738498a3e15c7ada35079da92edf5

  
Dropping
MD5 837d52c8b609bf0c0a335ee600eb7cfc
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 d3391e9c475243663aa77b0c4f57e482cf6738498a3e15c7ada35079da92edf5

Comments