MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7c54a49b186f198be6c70add64ae69937eac7aa8f746302d7905499eafb2589d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7c54a49b186f198be6c70add64ae69937eac7aa8f746302d7905499eafb2589d
SHA3-384 hash: 33797875d43a41aa6487216b79633c9bcd3bb7f3bf2bf3ce822d72dbf907f2c8f254be413c45fb4ae308072e9839047f
SHA1 hash: 76b29c1dd2bed3714bf66090c79b1f33ddfec2e4
MD5 hash: be478a5c773ce742035fe813632c42ed
humanhash: west-single-paris-kitten
File name:AUG SOA PO34256.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:633'576 bytes
First seen:2020-08-31 10:33:55 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:ivW05PPLJXNk/ynnNtDLVWMIIQyKSXHDjbrqdNrbji4TwaB46+cb7LHEYw3:idTeynDABIQxSXj6NrbHTwaj+28
TLSH 65D423E221D9C4F4445013A876FB36938A81912E0AD9A66DC98CEFB25F35FDD137A0F1
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mail.jnawa.com
Sending IP: 210.236.36.69
From: peter@zenhankook.id<peter1@zenhankook.id>
Reply-To: <jp.intl1@hotmail.com>
Subject: STATMENT OF ACCOUNT/NEW OFFER
Attachment: AUG SOA PO34256.zip (contains "AUG SOA & PO34256.exe")

AgentTesla SMTP exfil server:
mail.estechtab.com:587

AgentTesla SMTP exfil email address:
logs@estechtab.com

Intelligence

File Origin
# of uploads :
1
# of downloads :
70
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.MSIL.Kryptik.VFR-1.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/7c54a49b186f198be6c70add64ae69937eac7aa8f746302d7905499eafb2589d/
Threat name:
ByteCode-MSIL.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-08-31 01:31:04 UTC
AV detection:
5 of 48 (10.42%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=prkkjgyyn4myxzwhblowjltjsn7ky6vi65ddallzavez5l5slcoq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Trojan
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/7c54a49b186f198be6c70add64ae69937eac7aa8f746302d7905499eafb2589d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 7c54a49b186f198be6c70add64ae69937eac7aa8f746302d7905499eafb2589d

(this sample)

AgentTesla

Executable exe 04803c612483d76474860d5942b69d5ee3a68987a258b76283d60b345c188c62

  
Dropping
MD5 8863124f47c672e403b0f422e385e6eb
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 04803c612483d76474860d5942b69d5ee3a68987a258b76283d60b345c188c62

Comments