MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3468ffa5cf08a346eb01c1019022f0298c9e0d88cbbebe124cce9458ed186a01. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	3468ffa5cf08a346eb01c1019022f0298c9e0d88cbbebe124cce9458ed186a01
SHA3-384 hash:	3336e8f2f3076d4bc911caa1051e71f51dde2a5c62ac02f3b59b29b1b269673c314e8dfe6766a29c94ded20ba6ae7358
SHA1 hash:	21735e280e33bc2895aea81ad64298021056d67c
MD5 hash:	8ce2251234be9ef3a77b3d86da7a25ab
humanhash:	ceiling-failed-foxtrot-spaghetti
File name:	Shipment Document 2341AKI-001.xls.7z.001
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	677'050 bytes
First seen:	2023-12-15 10:02:46 UTC
Last seen:	Never
File type:	7z
MIME type:	application/x-7z-compressed
ssdeep	12288:rCq9+oh/qHeuqDb579CgVVVdfbh++tpbni6iwwSyUKuzE8ViprZaOobK:+ULh/AeNfVVVdfbBhEwxxKQQFaOobK
TLSH	T1C9E42397357B8E04F0D7B102EB836D169B804D36837B1FAE79D178D8A64D9EA002523F
TrID	57.1% (.7Z) 7-Zip compressed archive (v0.4) (8000/1) 42.8% (.7Z) 7-Zip compressed archive (gen) (6000/1)
Reporter	cocaman
Tags:	001 7z AgentTesla

cocaman

Malicious email (T1566.001)
From: ""Nina Zang" <nina@jinling-tex.com>" (likely spoofed)
Received: "from jinling-tex.com (unknown [45.137.22.230]) "
Date: "14 Dec 2023 14:04:40 +0100"
Subject: "URGENT!!! PURCHASE REQ#2005632 23-41AKI-001"
Attachment: "Shipment Document 2341AKI-001.xls.7z.001"

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name:	Shipment Document 2341AKI-001.xls.exe
File size:	836'608 bytes
SHA256 hash:	9996fd83b852a172c456594e49d2a13d94b0c8d55a9a2d28e5658853ed819b28
MD5 hash:	dd6ee02174452b705bba680d510384e2
MIME type:	application/x-dosexec
Signature	AgentTesla

Vendor Threat Intelligence

Detection(s):

Sanesecurity.Foxhole.7z_xls.UNOFFICIAL

SecuriteInfo.com.Trojan.PackedNET.2594.23336.29358.UNOFFICIAL

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Tags:

masquerade packed

Link:

https://www.filescan.io/uploads/657c2457b4e856b7281ab960/reports/3ac7d750-a1f5-46fa-bc03-71b0d8555b04/overview

Verdict:

Malicious

Labled as:

Mal/Drod7zip

Link:

https://www.hybrid-analysis.com/sample/3468ffa5cf08a346eb01c1019022f0298c9e0d88cbbebe124cce9458ed186a01

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Score:

100%

Verdict:

Malware

File Type:

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

7z 3468ffa5cf08a346eb01c1019022f0298c9e0d88cbbebe124cce9458ed186a01

(this sample)

AgentTesla

exe 9996fd83b852a172c456594e49d2a13d94b0c8d55a9a2d28e5658853ed819b28

Delivery method

Distributed via e-mail attachment

Dropping

SHA256 9996fd83b852a172c456594e49d2a13d94b0c8d55a9a2d28e5658853ed819b28

Dropping

AgentTesla

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample