MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7c2886409aeb5d9f2fda751b7e4de01be48898797b58670a44ef9696a8b637c2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 3

SHA256 hash: 7c2886409aeb5d9f2fda751b7e4de01be48898797b58670a44ef9696a8b637c2
SHA3-384 hash: cb66836ee83678e91de0e933e86f9458e3e63cde37ddb2d04be3bbcade809d82544d7be35af8f4cd20fb8830e3f80da3
SHA1 hash: 631a5b4f873511d08dbfea1482d2687bc93175c7
MD5 hash: 91a2e8961e1a74f32f03d9a7639ab424
humanhash: carolina-georgia-seventeen-equal
File name: docsx.eml.zip
Download: download sample
Signature: AgentTesla
File size: 438'854 bytes
First seen: 2020-11-18 12:16:26 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:UOTHigXHwcUUH9E12tHGdmy73Ij4PX+16fd/YfOUQumvZjCp9XWVu/t4c1FuXVrC:UUigXHqH12tHgmyEWXKGGQb8p9KSv1ES
TLSH: 2B94235E1122EF7E8AA2E449236718A30797937F732303D543061DAA463FCEF43567A9
Reporter: abuse_ch
Tags: AgentTesla zip


abuse_ch
Malspam distributing AgentTesla:

HELO: jktd3khmail02v.cloudkilat.me
Sending IP: 103.43.47.239
From: Jessica Chen <dana@soloeyewear.com>
Reply-To: Jessica Chen <dana@soloeyewear.com>
Subject: HB/L TLX
Attachment: docsx.eml.zip (contains "docs.eml.exe")

AgentTesla SMTP exfil server:
smtp.vivaldi.net:587

Intelligence

File Origin
# of uploads: 1
# of downloads: 84
Origin country: n/a

Vendor Threat Intelligence
Result
Verdict: UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2020-11-18 12:10:42 UTC
AV detection: 14 of 48 (29.17%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: AgentTesla
zip 7c2886409aeb5d9f2fda751b7e4de01be48898797b58670a44ef9696a8b637c2 (this sample)
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment

Comments