MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7cd854d170761f11b82140dcbe3c45c4b24e48a1e50ed2a413d0c23711de7bca. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7cd854d170761f11b82140dcbe3c45c4b24e48a1e50ed2a413d0c23711de7bca
SHA3-384 hash: 816d66b67b993a7cb995242e766e12a74ee74e7892899649616b1978ce9631d98b57d4738650577f8dc8ea8ae438dd10
SHA1 hash: a0b63c4c1d3f9c39108f47dfddc6bb33a9b29812
MD5 hash: b32f1faeb324c9908facf5422b2981ba
humanhash: cold-apart-mexico-fix
File name:copia di pagamento 10-06-2020.7z
Download: download sample
Signature AgentTesla
Create hunting rule
File size:511'412 bytes
First seen:2020-06-10 07:23:35 UTC
Last seen:Never
File type: 7z
MIME type:application/x-rar
ssdeep 12288:wujXJJ8YYQzT8XOacpmGonMD2PcfrMee/t6CdF74:wujnHIXOkGoHcf4ltNdFs
TLSH A0B4231DA9D0C858E25257836EF1CD418E3C4BD88DAD25F485FD02828E9F306964FEBE
Reporter abuse_ch
Tags:7z AgentTesla


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: pmg.alpfavill.hu
Sending IP: 217.112.135.207
From: Augusto Prada <Augustoprada@gmail.com>
Subject: copia di pagamento 10-06-2020
Attachment: copia di pagamento 10-06-2020.7z (contains "copia di pagamento 10-06-2020.exe")

AgentTesla SMTP exfil server:
mail.ductoslimpios.com.mx:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
67
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Worm.AutoRun
Create hunting rule
Status:
Malicious
First seen:
2020-06-10 07:25:11 UTC
File Type:
Binary (Archive)
Extracted files:
2
AV detection:
18 of 30 (60.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ptmfjulqoyprdobbidol4pcfysze4sfb4uhnfjat2dbdoeo6ppfa._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

7z 7cd854d170761f11b82140dcbe3c45c4b24e48a1e50ed2a413d0c23711de7bca

(this sample)

AgentTesla

Executable exe 1300fb6c79d34c9e16d2b31ea26080cccddd855981c80ea0472145bba105960b

  
Dropping
MD5 fe6441a24cb3a0b095b7cf5f959b26d6
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 1300fb6c79d34c9e16d2b31ea26080cccddd855981c80ea0472145bba105960b

Comments