MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7c06b6c5dd52fe3fe90f8a64669f8dd135b6e973df227308cac0f8087d3ba7b4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7c06b6c5dd52fe3fe90f8a64669f8dd135b6e973df227308cac0f8087d3ba7b4
SHA3-384 hash: 1ef872f8f0f8157cdab10e364b7864c1a5eb7c8003e7617488995d7649f9dff15c55da22cda206aad3d01ae3e0f26f55
SHA1 hash: d208468a3b81be3c7a8f5b812c3d51d2b9ecf962
MD5 hash: 81b4b29f478b710990ca625c5ca3d672
humanhash: five-pasta-november-pip
File name:doc.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:272'365 bytes
First seen:2020-07-10 11:22:02 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:sjkWWHpoXhMcqqlJnlRIqO2OpclUExaexgOARvchsu7:sjkWWHpgMlgq2OpMxny7S
TLSH BF44233F6B5BCF0F601820EE23251E43A8503C8509B1921A6FCB765AFE15B396B5DF25
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mail.mu-pleven.bg
Sending IP: 194.141.67.3
From: Mediterranean Shipping Company <muzaffercelik@gategrup.com>
Subject: Shipping Document
Attachment: doc.rar (contains "doc.exe")

AgentTesla SMTP exfil server:
smtp.factosgroup.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
74
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/7c06b6c5dd52fe3fe90f8a64669f8dd135b6e973df227308cac0f8087d3ba7b4/
Threat name:
ByteCode-MSIL.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-07-10 11:23:04 UTC
AV detection:
16 of 48 (33.33%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=pqdlnro5kl7d72iprjsgnh4n2e23n2lt34rhgcgkyd4aq7j3u62a._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 7c06b6c5dd52fe3fe90f8a64669f8dd135b6e973df227308cac0f8087d3ba7b4

(this sample)

AgentTesla

Executable exe e803f10811608ea8e2179185e8c334b22b71097e3a7ec5b56909e3779834ed9b

  
Dropping
MD5 c1937217fef2842a39e32e44bc031a05
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 e803f10811608ea8e2179185e8c334b22b71097e3a7ec5b56909e3779834ed9b

Comments