MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7ecb6b6996e06c41ca27c80cfe645e3b62d8e5c851e7b98d32d5f73de6755863. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7ecb6b6996e06c41ca27c80cfe645e3b62d8e5c851e7b98d32d5f73de6755863
SHA3-384 hash: ba053567390f6a9235ad1256794eb76e84bbb7310be9e04d6b88df72d1876fd83e450bc85743575999c5105f0a8a8adc
SHA1 hash: 1c5632f12ed173044eb11f7d269af532a18ec5e1
MD5 hash: a4809053cd7e6ea881460b67e928b50c
humanhash: vermont-summer-beryllium-maryland
File name:RFQ.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:370'739 bytes
First seen:2020-06-12 06:38:51 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:PWV0bZlFm0YHIE8eL2SKh+yGgBhg9Hb0dnf7afy8dQi+RQA8i:80lREMh+EBu9HYBf7aMP1
TLSH F0742321F6DB3271C30DF55782AE464C4BC6663596ACD0A08D29F3D1BEF2DDE1262839
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: gdi.com.qa
Sending IP: 45.153.242.228
From: Shahid Hassan <shahid.hassan@gdi.com.qa>
Reply-To: Shahid Hassan <matthewwinfled@yahoo.com>
Subject: RFQ 705125 - PR 197087
Attachment: RFQ.rar (contains "RFQ.exe")

AgentTesla SMTP exfil server:
smtp.yandex.ru:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
63
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-06-12 06:40:09 UTC
AV detection:
16 of 31 (51.61%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=p3fww2mw4bwedsrhzagp4zc6hnrnrzoikht3tdjs2x3t3ztvlbrq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 7ecb6b6996e06c41ca27c80cfe645e3b62d8e5c851e7b98d32d5f73de6755863

(this sample)

AgentTesla

Executable exe 4832830f9b280807da5739b8c6b62a604e685fd57b152e96f3cce01fe7f3a522

  
Dropping
MD5 0d7b2065b6ef09fbc802bc2d06d65665
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 4832830f9b280807da5739b8c6b62a604e685fd57b152e96f3cce01fe7f3a522

Comments