MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1cc7e04b4dda5e4c436f9f13dfb7266d9f61b72cb690e2413236aadaab7899bd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1cc7e04b4dda5e4c436f9f13dfb7266d9f61b72cb690e2413236aadaab7899bd
SHA3-384 hash: 254383ed4fbf0019b203adc821e4ca8eedfc62b11cdb8eecb6e80c065543e39e4c67e8525ba01917cd9aa9005b777ae4
SHA1 hash: 11b988cdbb6c2a9e2a2750fa1563c3493be5345a
MD5 hash: b4b953b5494dae0b4bc4bddf2dca635b
humanhash: william-march-timing-march
File name:Specification.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:469'092 bytes
First seen:2020-07-20 08:56:56 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:XXcjzO2iw/X2DdBpCanpaVPX9BKoJZGcfEPH/wtcJ:mO1xdznQ/XJEkcJ
TLSH ECA423D08537179D15E1ACF65BB8068F27DC280F6CA06C12ACC9F595BC48EE8F4476E6
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

From: "Md. Babul Hossain Gazi" <b.hossain863@gmail.com>
Reply-To: a.rehman@revo-moto.com
Subject: RFQ PO #4071
Attachment: Specification.zip (contains "Specification.exe")

AgentTesla SMTP exfil server:
smtp.mail.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
62
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
MiscreantPunch.RTF.2017-0199.Obfus.171711.UNOFFICIAL
Create hunting rule

TwinWave.EvilDoc.RTFFakeVersionWithObjUpdateUKSurfMix.20200514.UNOFFICIAL
Create hunting rule

TwinWave.EvilDoc.EQPentaverateTheKernelWithHisWeeBeadyEyes.20200616.UNOFFICIAL
Create hunting rule

TwinWave.EvilDoc.DOCXSTRGOOD.RTFSTR._E_R_N_E_L_3_2_OADLIBRARYW_S_ETPROCADDRESS_.200622.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/1cc7e04b4dda5e4c436f9f13dfb7266d9f61b72cb690e2413236aadaab7899bd/
Threat name:
Document-RTF.Exploit.CVE-2017-11882
Create hunting rule
Status:
Malicious
First seen:
2020-07-20 08:58:07 UTC
AV detection:
19 of 48 (39.58%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=dtd6as2n3jpeyq3pt4j57nzgnwpwdnzmw2ioeqjsg2vnvk3ytg6q._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/1cc7e04b4dda5e4c436f9f13dfb7266d9f61b72cb690e2413236aadaab7899bd

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 1cc7e04b4dda5e4c436f9f13dfb7266d9f61b72cb690e2413236aadaab7899bd

(this sample)

AgentTesla

Executable exe 238782507ba86647fe77803e2994307f580dab549157e4f15e539d5514594ec5

  
Dropping
MD5 810197fd9b0ed31a8e467df3b7d5f641
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 238782507ba86647fe77803e2994307f580dab549157e4f15e539d5514594ec5

Comments