MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7ac83b1955f0ee9874f841f800064dfc84d6b45074a17c46c4b9579d2e29059d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7ac83b1955f0ee9874f841f800064dfc84d6b45074a17c46c4b9579d2e29059d
SHA3-384 hash: 61bee655ac0c8197647e3aeeb2da6a3862d2815fde9839023188c1e8256111b7a10c97aeace690fc013389eb0684a07c
SHA1 hash: 51a80ff58d1b4719f3366b0b7aaf8ec39851a5c4
MD5 hash: 900c73ffdaaeb8c5c500ea849528f8f6
humanhash: fifteen-mango-happy-cola
File name:new PO 20204764 - REQUEST FOR QUOTE.iso
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'204'224 bytes
First seen:2020-08-31 05:55:35 UTC
Last seen:Never
File type: iso
MIME type:application/x-iso9660-image
ssdeep 24576:1QvrCXEucruic247nrns/Xw2ggJ+fw2usq0y38xxypur:1IsTsYWJ+fw2usqp3Yypur
TLSH 25459E62F2924437DD732A389C5B57749C3ABE006D2868467BF9DE4CCF3928139352A7
Reporter abuse_ch
Tags:AgentTesla iso


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: server.jobworklink.com
Sending IP: 5.189.185.125
From: Brykanov Vladimir <info2@induvac.com>
Subject: REQUEST FOR QUOTE/DOC NO 4764
Attachment: new PO 20204764 - REQUEST FOR QUOTE.iso (contains "new PO 20204764 - REQUEST FOR QUOTE.exe")

AgentTesla SMTP exfil server:
mail.rushtekent.com:26

Intelligence

File Origin
# of uploads :
1
# of downloads :
76
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Adware.Webalta-6854075-0
Create hunting rule

PUA.Win.Adware.Webalta-6862190-0
Create hunting rule

PUA.Win.Adware.Webalta-6879873-0
Create hunting rule

SecuriteInfo.com.Trojan.DownLoader34.29944.17906.10656.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/7ac83b1955f0ee9874f841f800064dfc84d6b45074a17c46c4b9579d2e29059d/
Threat name:
Win32.Trojan.Bluteal
Create hunting rule
Status:
Malicious
First seen:
2020-08-31 00:22:07 UTC
AV detection:
17 of 29 (58.62%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=pledwgkv6dxjq5hyih4aabsn7scnnncqosqxyrwexflz2lrjawoq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/7ac83b1955f0ee9874f841f800064dfc84d6b45074a17c46c4b9579d2e29059d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

iso 7ac83b1955f0ee9874f841f800064dfc84d6b45074a17c46c4b9579d2e29059d

(this sample)

AgentTesla

Executable exe 3620b064389d3957610700c51595f52e92e613ddbcb70526345f8cd73f44c718

  
Dropping
MD5 c24a0c3b5fae8604a9c4ab2ab61fa1a2
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 3620b064389d3957610700c51595f52e92e613ddbcb70526345f8cd73f44c718

Comments