MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7bc5d8d0e3882fefbf7336f8fac6cabad5020521536305562d9a52fbee0a538d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7bc5d8d0e3882fefbf7336f8fac6cabad5020521536305562d9a52fbee0a538d
SHA3-384 hash: 070eff42463af4da5bee0f9934686ec51218765878cdaa7e554b3eb755e9062a20f80ca33c45baf2d04d01ecf8dfd8f0
SHA1 hash: 81a6f98375494e44bd6dadd1847e47f07b2eeb12
MD5 hash: 597b4b0718702623eedd1cc0ab2ac7b6
humanhash: butter-foxtrot-mockingbird-ceiling
File name:Information and requested documents.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:400'347 bytes
First seen:2020-08-08 08:41:40 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:8x2Q7bzuPFX7umWyKLD6VnHR8643xEIg8MerN:8x2UMuDgmXB9VrN
TLSH 838423440268B277ED80DA766F8FDDD026AF4DC9589E77032624232FDE418DDDB219B2
Reporter abuse_ch
Tags:AgentTesla Hostwinds zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: hwsrv-758874.hostwindsdns.com
Sending IP: 104.168.202.239
From: Gaurav Pansari<gaurav@kredx.com>
Subject: Information and requested documents
Attachment: Information and requested documents.zip (contains "Information and requested documents.exe")

AgentTesla FTP exfil server:
ftp.hraspirations.com:21

AgentTesla FTP exfil user name:
test@hraspirations.com

Intelligence

File Origin
# of uploads :
1
# of downloads :
105
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Fareit-FXH532D75F19023.575.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/7bc5d8d0e3882fefbf7336f8fac6cabad5020521536305562d9a52fbee0a538d/
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-08-08 06:01:28 UTC
AV detection:
20 of 29 (68.97%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ppc5ruhdrax67p3tg34pvrwkxlkqebjbknrqkvrntjjpx3qkkogq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.45
Link:
https://yomi.yoroi.company/submissions/7bc5d8d0e3882fefbf7336f8fac6cabad5020521536305562d9a52fbee0a538d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 7bc5d8d0e3882fefbf7336f8fac6cabad5020521536305562d9a52fbee0a538d

(this sample)

AgentTesla

Executable exe a6d44377671c37e4ef84efae15b17efbcdd03a8b5af2704e74f75126f333196f

  
Dropping
MD5 532d75f19023a3dc1e445de0d63c8487
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 a6d44377671c37e4ef84efae15b17efbcdd03a8b5af2704e74f75126f333196f

Comments