MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7602ef063bf7203b635274afea6643df3d8a9fca33b1c82a8d763e7907fe772d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7602ef063bf7203b635274afea6643df3d8a9fca33b1c82a8d763e7907fe772d
SHA3-384 hash: 60d3ce293bcdff8a2de6b0f3b4d9cdb955d94793fa8bdca599e057a01b34f139bbef9cf9dad2a054511fe250d0210f91
SHA1 hash: 49cb78c39212968028ef5da062465a31ef7cd4a6
MD5 hash: 29f04beae26c90b83e53ffc263e2400a
humanhash: florida-wyoming-mango-carbon
File name:COVID-19 UPDATE.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:464'896 bytes
First seen:2020-04-01 18:17:29 UTC
Last seen:2020-04-01 21:14:07 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 12288:8lW0mg2yy6VPZ9WNvBjkmxFEEi0ikX4HO4gCQbBhqf5Z:5oSm7lkWGjQZ
Threatray 18 similar samples on MalwareBazaar
TLSH F7A4BF3531EE0256D777EBB30BE8F96E8765B273120BE538248116C68722A42DDC177B
Reporter abuse_ch
Tags:AgentTesla COVID-19 exe


Avatar
abuse_ch
COVID-19 themed malspam distributing AgentTesla:

HELO: apl.com
Sending IP: 37.49.230.105
From: Esperanza Silvestre <hkg_counter@apl.com>
Subject: Customer Advisory - COVID-19 UPDATE WORLDWILD
Attachment: COVID-19 UPDATE.arj (contains "COVID-19 UPDATE.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587 (77.88.21.158)

Intelligence

File Origin
# of uploads :
4
# of downloads :
92
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.PWS.Siggen2.46181.4636.10784.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Autorun
Create hunting rule
Status:
Malicious
First seen:
2020-04-01 18:35:25 UTC
File Type:
PE (.Net Exe)
Extracted files:
6
AV detection:
25 of 31 (80.65%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=oybo6br364qdwy2sosx6uzsd346yvh6kgoy4qkunoy7hsb76o4wq._file
Verdict:
unknown
Similar samples:
059bbd8d7c9d487678e796bce73e5a2c349d08a6dccc65b437f614c55f4940b5
AgentTesla
1fc2513878352ba7ec5f8a9fdb6bcd4653b6a14443ec65fd1a59a8fa1c8aa8a6
AgentTesla
79a6cd0ad542c43bd3b6c3baebe42c7682ad82294ad70a89624c13a9082f1f2b
AgentTesla
873420c55723208004de9c7fc00662e82bf297454b6bb04820b5636552ca6e00
AgentTesla
8e26ebee195d4120b62cece46d79a74989b899f3c7bda83a14c5f273cd3f098b
AgentTesla
a545a0435cbff715cd878cad1196ea00c48bd20f3cf1cc2d61670ef29573cc7c
AgentTesla
cb87b162931d90a491b6f8a62c7e4f948f4940f7e7eb6547816a4965ae8a0ec5
AgentTesla
d2cc729be39a3136dde1a0e312f2cf6bffbcf4159f3b724b980e5ac2419a398c
AgentTesla
dff74296cf8052e89fc7c49f911e998795262c6f266bf19cda399a0183ea5159
AgentTesla
edced06a3011186bdf81b8e16739f41cb226ce9fdd57e9d8d006da27874aea65
AgentTesla
+ 8 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

arj e0304c0b3e38361d6de030030989846cc035c07ccaac03f1efa1e1e8518bc507

AgentTesla

Executable exe 7602ef063bf7203b635274afea6643df3d8a9fca33b1c82a8d763e7907fe772d

(this sample)

  
Dropped by
MD5 8732bd5131e777cd45ca14908e96286a
  
Dropped by
SHA256 e0304c0b3e38361d6de030030989846cc035c07ccaac03f1efa1e1e8518bc507
  
Delivery method
Distributed via e-mail attachment

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments