MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7bb8eeb7f96d5a72078f5f80b1ffe9d1880d785c8e4bb32091d51c2fe0d31d3a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3



SHA256 hash: 7bb8eeb7f96d5a72078f5f80b1ffe9d1880d785c8e4bb32091d51c2fe0d31d3a
SHA3-384 hash: eb57c5d9eaa8e836a77b296965a25adc2a2e4659219bcde7a9b8c0739fae467ed0a110dcde43574025afbf8ddb1f9951
SHA1 hash: 96f71862bb692eb135609671f8166e688ccc79fa
MD5 hash: df6847a2eb97aa1f333e0077b500e404
humanhash: chicken-carolina-winter-india
File name: Absa Payment.pdf.rar
Signature: AgentTesla
File size: 593'513 bytes
First seen: 2020-10-21 15:50:01 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 12288:YQ0pK9GiL+wBWDGyRhEISPI1OgoHWfqanGZdZqT2ryjtZhtIWhRyInTr64:I6CaWKyRhEVCRQqi4bJoIN
TLSH: 0CC423F6BF49A0966ACE5BAF3A5BDA7F565C19D3400835B56F710E08CCD82436FC8620
Reporter: abuse_ch
Tags: AgentTesla rar


abuse_ch
Malspam distributing AgentTesla:

HELO: mail.qcol.net
Sending IP: 69.89.160.11
From: OConnor, Michele<bdjadewitt@qcol.net>
Reply-To: <support@mntruckclub.com>
Subject: RE: PO# CPOR-2169 // Invoice SMI/728// 77
Attachment: Absa Payment.pdf.rar (contains "Absa Payment.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 63
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Generic
Status: Suspicious
First seen: 2020-10-21 13:50:26 UTC
AV detection: 7 of 48 (14.58%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 7bb8eeb7f96d5a72078f5f80b1ffe9d1880d785c8e4bb32091d51c2fe0d31d3a

(this sample)

  
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
