MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7176c65ba1cf65654b1e54892b11fac71babd69da3285e08411fc73daab92dd0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7176c65ba1cf65654b1e54892b11fac71babd69da3285e08411fc73daab92dd0
SHA3-384 hash: e660a4fc0572778102fceea755a4195c6aef75b0da85f66df9808d7e7a5c3eb623ea26941351daf8beaea57d4d575e25
SHA1 hash: cc6960ce60cdeecaa6b8f8dfa772da0c21f03402
MD5 hash: a3fb21352d52d5a5b847587cb21bf743
humanhash: white-mobile-chicken-florida
File name:PAYMENT - COPY....Xls..lzh
Download: download sample
Signature AgentTesla
Create hunting rule
File size:575'832 bytes
First seen:2020-08-31 10:20:35 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:eg8AGRvkhW3jhBcqvedHnZXf26D5S4HQAo4qZ5KbTUK2j5YQLK2rq:/8AGu8ThBIZl9qXKnUxjaQ5rq
TLSH 46C423DD9D897A931512CB751DC2DEE31FC22A54CAB2306807906284BCD2E7F38EF566
Reporter abuse_ch
Tags:AgentTesla lzh Outlook


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: EUR05-VI1-obe.outbound.protection.outlook.com
Sending IP: 40.92.90.89
From: haralampos katopodis <hkatopodis@hotmail.com>
Subject: PAYMENT - USD Copy
Attachment: PAYMENT - COPY....Xls..lzh (contains "4PGVV5ztI9OHQsS.exe")

AgentTesla SMTP exfil server:
roham.dnswebhost.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
75
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/7176c65ba1cf65654b1e54892b11fac71babd69da3285e08411fc73daab92dd0/
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=of3mmw5bz5swksy6kseswep2y4n2xvu5umuf4ccbd7dt3kvzfxia._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/7176c65ba1cf65654b1e54892b11fac71babd69da3285e08411fc73daab92dd0

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 7176c65ba1cf65654b1e54892b11fac71babd69da3285e08411fc73daab92dd0

(this sample)

AgentTesla

Executable exe 4babdf3de87110bb4af05c7117cd6215dc8040345ff840282766a753cd08a5ec

  
Dropping
MD5 4d744c49b2e414e7fb512b43f22a3aa1
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 4babdf3de87110bb4af05c7117cd6215dc8040345ff840282766a753cd08a5ec

Comments