MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7bb1fe4f87c756b51bfb7d49630ac0fdf4fe5fcd372381aaf509f7f525d0a5b1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla
Vendor detections: 3



SHA256 hash: 7bb1fe4f87c756b51bfb7d49630ac0fdf4fe5fcd372381aaf509f7f525d0a5b1
SHA3-384 hash: 94c755c4a6db56850340d0d85ae7e7ff3ec142ac07368ec596b8785bd55bc624ce967fc2ef74d98b345c88ffb4e2d0c2
SHA1 hash: d32c1b614997f4fb36958bcd84f6366d2e5b6b5a
MD5 hash: d5a14dc95ee1cfbd239ec72f417192a2
humanhash: table-magnesium-oregon-carbon
File name: Payment Advice.r00
Signature: AgentTesla
File size: 397'343 bytes
First seen: 2020-04-29 18:47:43 UTC
Last seen: Never
File type: r00
MIME type: application/x-rar
ssdeep: 12288:AKKYd5wBu4LelziLyjN8kGeVMk1b3gVLxqpZK:Aw5wBtLAziLyjvCVLj
TLSH: 638423C66AD424486B1DDB40C78A24B559FC56326CF448CB0BB1BDE7A33C92CEB9135D
Reporter: abuse_ch
Tags: AgentTesla r00


abuse_ch
Malspam distributing AgentTesla:

HELO: vatm.vn
Sending IP: 185.118.167.64
From: phuonganh.tc@vatm.vn
Subject: Payment advice-Euro Bank EFG
Attachment: Payment Advice.r00 (contains "Statement of Account.exe")

Intelligence


File Origin
Uploads: 1
Downloads: 78
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-04-30 03:44:24 UTC
File type: Binary (Archive)
Extracted files: 4
AV detection: 17 of 31 (54.84%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample, such as delivery method and external references.

Malspam
  AgentTesla
    r00  7bb1fe4f87c756b51bfb7d49630ac0fdf4fe5fcd372381aaf509f7f525d0a5b1  (this sample)
      Dropping: AgentTesla

Delivery method: Distributed via e-mail attachment
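The attachment above is a RAR archive delivered under an .r00 extension with an executable inside, a combination that slips past attachment filters keyed on the .rar extension while still opening normally in archive tools. As an added example (not MalwareBazaar or abuse.ch code), the following Python walks the RAR 4.x block headers directly, so the archive is identified by its marker bytes rather than its extension and the contained file names are listed without extracting anything. Header CRCs are not verified and RAR5 archives are only recognised, not parsed; both are assumptions made to keep the example short. The `build_rar4` helper constructs a synthetic test archive carrying the same inner file name as the reported sample; it is not the sample itself.

```python
"""Identify a RAR attachment by content and list what it carries, without
extracting.  Parses the RAR 4.x block layout with struct only; no rarfile
module or unrar binary is needed.  Header CRCs are deliberately not checked."""
import struct

RAR4_MARKER = b"Rar!\x1a\x07\x00"
RAR5_MARKER = b"Rar!\x1a\x07\x01\x00"

HEAD_MAIN, HEAD_FILE, HEAD_END = 0x73, 0x74, 0x7B
LHD_LARGE = 0x0100    # 64-bit packed/unpacked sizes follow the fixed fields
LONG_BLOCK = 0x8000   # an ADD_SIZE (data length) field follows the 7-byte block header

# Extensions that have no business inside a "payment advice" archive.
EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs", ".dll")


def rar_version(data: bytes) -> int:
    """Return 4 or 5 from the marker block, ignoring the file name; 0 if not RAR."""
    if data.startswith(RAR5_MARKER):
        return 5
    if data.startswith(RAR4_MARKER):
        return 4
    return 0


def list_rar4_entries(data: bytes) -> list:
    """Walk RAR 4.x blocks and return one dict per file header found."""
    if rar_version(data) != 4:
        raise ValueError("not a RAR 4.x archive (no marker block)")
    entries = []
    pos = len(RAR4_MARKER)
    while pos + 7 <= len(data):
        _crc, head_type, head_flags, head_size = struct.unpack_from("<HBHH", data, pos)
        if head_size < 7:
            break  # corrupt header; refuse to spin on it
        add_size = 0
        if head_type == HEAD_FILE:
            if pos + 32 > len(data):
                break  # truncated file header
            (pack_size, unp_size, _host_os, _file_crc, _ftime, _unp_ver, method,
             name_size, _attr) = struct.unpack_from("<IIBIIBBHI", data, pos + 7)
            name_off = pos + 32
            if head_flags & LHD_LARGE:
                high_pack, high_unp = struct.unpack_from("<II", data, name_off)
                pack_size |= high_pack << 32
                unp_size |= high_unp << 32
                name_off += 8
            raw_name = data[name_off:name_off + name_size]
            # With the Unicode flag the field holds "ascii-name\0<encoded unicode>";
            # the part before the NUL is enough to see the extension.
            name = raw_name.split(b"\0", 1)[0].decode("latin-1")
            entries.append({"name": name, "packed": pack_size,
                            "unpacked": unp_size, "method": method})
            add_size = pack_size          # packed data follows the header
        elif head_flags & LONG_BLOCK:
            add_size = struct.unpack_from("<I", data, pos + 7)[0]
        pos += head_size + add_size
        if head_type == HEAD_END:
            break
    return entries


def suspicious_attachment(filename: str, data: bytes) -> list:
    """Return reasons to quarantine: RAR content hiding behind another
    extension, or an executable carried inside the archive."""
    reasons = []
    version = rar_version(data)
    if version and not filename.lower().endswith(".rar"):
        reasons.append(f"RAR{version} content with non-.rar extension {filename!r}")
    if version == 4:
        for e in list_rar4_entries(data):
            if e["name"].lower().endswith(EXECUTABLE_EXTS):
                reasons.append(f"executable inside archive: {e['name']!r}")
    return reasons


def build_rar4(entries: list) -> bytes:
    """Constructed (synthetic) stored RAR 4.x archive for testing.  CRC fields
    are left at zero, which a real unrar would reject."""
    out = bytearray(RAR4_MARKER)
    out += struct.pack("<HBHH", 0, HEAD_MAIN, 0, 13) + b"\0" * 6   # archive header
    for name, payload in entries:
        nb = name.encode("latin-1")
        out += struct.pack("<HBHH", 0, HEAD_FILE, LONG_BLOCK, 32 + len(nb))
        out += struct.pack("<IIBIIBBHI", len(payload), len(payload), 2, 0, 0,
                           29, 0x30, len(nb), 0x20)   # host Win32, stored, archive attr
        out += nb + payload
    out += struct.pack("<HBHH", 0, HEAD_END, 0, 7)
    return bytes(out)


if __name__ == "__main__":
    # Constructed stand-in for the reported attachment: same inner file name.
    sample = build_rar4([("Statement of Account.exe", b"MZ" + b"\0" * 62)])
    for reason in suspicious_attachment("Payment Advice.r00", sample):
        print("QUARANTINE:", reason)
```

Run against a real mail stream, the check keys on the marker bytes, so renaming the archive to .r00, .r01 or anything else does not change the verdict; only the second reason depends on parsing the file headers, which is why a hardened version should also verify HEAD_CRC and handle RAR5 headers.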

Comments