MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7e057c0409125f3090f44fa58cdab42a5f30936bd7dedae025c4979d6851e90a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7e057c0409125f3090f44fa58cdab42a5f30936bd7dedae025c4979d6851e90a
SHA3-384 hash: 7bc7de5d8880023a58398d72cb4eb2d4966ff6b0f317a7b07ff012e07017db0bede1e5d9b23fbab29b23ee6dc203e6ad
SHA1 hash: 88d16571ca6913389c4ebc16887a825142eb6b2f
MD5 hash: e10da1c4453df66476c528d4434f8dc6
humanhash: lemon-fish-one-delaware
File name:po_300989.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:360'478 bytes
First seen:2020-07-01 05:35:20 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:efvsse5mBLc0Z5Pz3mxQvCzVRMmXq/PXKRsqsPSRgy7pRZbrXwf9u5DJbA684b:JswmBLFPn+RN8f5JaqopRe9EDJ9
TLSH 9C7423D10F56C0452AED6B4772E8E2A3ECDC4FEA03F69A65AA77335313A55198F108CC
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: almoverseas.com
Sending IP: 172.93.189.91
From: Accounting<export@almoverseas.com>
Reply-To: Accounting<s.nsa41@hotmail.com>
Subject: Re: po_300989
Attachment: po_300989.zip (contains "po_300989.exe")

AgentTesla SMTP exfil server:
business41.web-hosting.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
68
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Artemis5DAA2B43601F.27789.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/7e057c0409125f3090f44fa58cdab42a5f30936bd7dedae025c4979d6851e90a/
Threat name:
ByteCode-MSIL.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-07-01 05:37:03 UTC
AV detection:
22 of 29 (75.86%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=pycxybajcjptbehuj6syzwvufjptbe3l27pnvybfyslz22cr5efa._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 7e057c0409125f3090f44fa58cdab42a5f30936bd7dedae025c4979d6851e90a

(this sample)

AgentTesla

Executable exe f187aab18607c012460083a62bafb6e17e1b9e6003fc0196695dfd48ae2eb361

  
Dropping
MD5 5daa2b43601f84d3f1214b7dc2e7db79
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 f187aab18607c012460083a62bafb6e17e1b9e6003fc0196695dfd48ae2eb361

Comments