MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f687608e342022aee120c297b508ddd50eece7be8d5a62a3d5c4008ef67ba4aa. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f687608e342022aee120c297b508ddd50eece7be8d5a62a3d5c4008ef67ba4aa
SHA3-384 hash: a3867021437027daa46032f18782a2b2293415918a1501e731bb021a04a81a716fb01939176905549f6dc26d0420dc73
SHA1 hash: a3b9d09c85d8cbe8021f01f98d91991ae759b7ff
MD5 hash: 03f97c962a95b45560083748628b12d1
humanhash: april-carolina-pasta-burger
File name:ZAHLUNGSBESTÄTIGUNG 15.06.2020.7z
Download: download sample
Signature AgentTesla
Create hunting rule
File size:409'225 bytes
First seen:2020-06-15 13:56:03 UTC
Last seen:Never
File type: 7z
MIME type:application/x-rar
ssdeep 12288:0Vd/fc3IB1J6heHxYihTNxxsyIyqQEppSB1OBOxAJ2l:b3IB1yQLzSpQ1OBOeIl
TLSH CC9423603602BE2EC5A758451EFB5DCFDD03349B92E93E39122B1DA62757AC4D301BA3
Reporter abuse_ch
Tags:7z AgentTesla DEU geo


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mail.ispcf.ro
Sending IP: 46.97.75.130
From: Hasso Otto <hassoOtto@gmail.com>
Subject: ZAHLUNGSBESTÄTIGUNG 15.06.2020
Attachment: ZAHLUNGSBESTÄTIGUNG 15.06.2020.7z (contains "ZAHLUNGSBESTÄTIGUNG 15.06.2020.exe")

AgentTesla FTP exfil server:
ftp.tde.ro:21

Intelligence

File Origin
# of uploads :
1
# of downloads :
65
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-06-15 13:57:05 UTC
AV detection:
18 of 31 (58.06%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=62dwbdrueark5yjaykl3kcg52uhozz56rvngfi6vyqai55t3usva._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

7z f687608e342022aee120c297b508ddd50eece7be8d5a62a3d5c4008ef67ba4aa

(this sample)

AgentTesla

Executable exe 763fec4e95eae02da031fd8b484c434175a5a76a8472682bfa85780f83e98d7d

  
Dropping
MD5 fb5b1af01a5ffbceded47a9504360901
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 763fec4e95eae02da031fd8b484c434175a5a76a8472682bfa85780f83e98d7d

Comments