MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7c3822b0015e740bb3e9a1c4d0d5da368cae8117a820152377d41de49ff3ca36. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 7c3822b0015e740bb3e9a1c4d0d5da368cae8117a820152377d41de49ff3ca36
SHA3-384 hash: 70cb3c12f77456b0a21d645a083cfdc2b6d2af252a5b67e70f2681621528744fe081db29f8b8cbb37104136bff7fe7e4
SHA1 hash: b10646324228a4b21154ef6e7d9d5469a61364e7
MD5 hash: 14b2d3f08ad6543c060d19748f526167
humanhash: winner-summer-artist-skylark
File name: 11203780.xls
Signature: AgentTesla
File size: 176'128 bytes
First seen: 2020-06-30 12:07:50 UTC
Last seen: 2020-06-30 13:11:25 UTC
File type: Excel file xls
MIME type: application/vnd.ms-excel
ssdeep: 3072:Nk3hOdsylKlgryzc4bNhZFGzE+cL2knAgKKWXQ3kl/GVMfliRx4J2iSAqsaHH8aB:Nk3hOdsylKlgryzc4bNhZF+E+W2knAgO
TLSH: C004DFB3B665DD82DE65073D0EEA96861723BC0E1F9AC69B7324F75F7F701808882506
Reporter: @abuse_ch
Tags: AgentTesla xls Yahoo
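Before handing a sample pulled from this entry to a sandbox or a disassembler, confirm that the bytes you extracted are the file the entry describes. The following is an added example (not MalwareBazaar code): it recomputes the four cryptographic digests listed above with Python's hashlib and reports every field that disagrees, so a re-zipped, truncated or wrong-file download is caught before any analysis time is spent. The ssdeep and TLSH values are fuzzy hashes that need third-party libraries and are not checked here; the function names and the test bytes are assumptions.

```python
import hashlib

# Digests and size copied from this MalwareBazaar entry.
ENTRY = {
    "sha256": "7c3822b0015e740bb3e9a1c4d0d5da368cae8117a820152377d41de49ff3ca36",
    "sha3_384": "70cb3c12f77456b0a21d645a083cfdc2b6d2af252a5b67e70f2681621528744fe081db29f8b8cbb37104136bff7fe7e4",
    "sha1": "b10646324228a4b21154ef6e7d9d5469a61364e7",
    "md5": "14b2d3f08ad6543c060d19748f526167",
}
ENTRY_SIZE = 176128  # "176'128 bytes" on the page


def digests(data: bytes) -> dict:
    """Compute every digest the entry lists, keyed by hashlib algorithm name."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in ENTRY}


def check_sample(data: bytes, expected: dict = ENTRY, size: int = ENTRY_SIZE) -> list:
    """Return a list of mismatches; an empty list means `data` is the listed sample.

    All digests are compared rather than stopping at the first difference, so a
    wrong download shows exactly which fields disagree with the entry.
    """
    problems = []
    if len(data) != size:
        problems.append(f"size: expected {size}, got {len(data)}")
    got = digests(data)
    for algo, want in expected.items():
        if got[algo] != want.lower():
            problems.append(f"{algo}: expected {want[:12]}..., got {got[algo][:12]}...")
    return problems


def check_file(path: str) -> list:
    """Convenience wrapper: hash a file on disk (the extracted download)."""
    with open(path, "rb") as fh:
        return check_sample(fh.read())


if __name__ == "__main__":
    import sys
    issues = check_file(sys.argv[1])
    print("OK: matches entry" if not issues else "\n".join(issues))
```

Run it as `python check.py 11203780.xls` on the extracted file; anything other than "OK: matches entry" means you are not looking at the sample this page documents.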


Twitter
@abuse_ch
Malspam distributing AgentTesla:

HELO: sonic315-15.consmr.mail.bf2.yahoo.com
Sending IP: 74.6.134.125
From: ALOROBA.Cont.Co. L.L.C <d_rojas.borgatta@yahoo.com>
Reply-To: ALOROBA.Cont.Co. L.L.C <hunt-greg@hotmail.com>
Subject: INV&SWIFT E20/001828 GWENT
Attachment: 11203780.xls

AgentTesla payload URL:

AgentTesla SMTP exfil server:
smtp.yandex.com:587
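The headers quoted in the report above carry the tells a mail-triage analyst keys on: the HELO host and the From address are both genuinely Yahoo, so sending-path checks pass, while Reply-To points at a hotmail.com mailbox and the attachment is a legacy binary .xls. The block below is an added example (not abuse.ch or MalwareBazaar code): it rebuilds a message from the quoted fields and runs those heuristics with Python's standard email package. The Received line format, the attachment bytes, the lure and extension watch-lists and the function names are all assumptions; only the HELO name, sending IP, From, Reply-To, Subject and attachment name come from the page.

```python
import email
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy Office container (.xls/.doc)
RISKY_EXT = (".xls", ".xlsm", ".doc", ".docm", ".rtf")  # assumed watch-list
LURE_WORDS = ("invoice", "inv", "swift", "payment", "remittance")  # assumed lure list


def domain_of(header_value) -> str:
    """Lower-cased domain of the first address in a header, '' if none."""
    _, addr = parseaddr(str(header_value or ""))
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""


def build_sample() -> EmailMessage:
    """Constructed message mirroring the headers quoted in the @abuse_ch post."""
    msg = EmailMessage()
    # The Received line is assumed; it carries the HELO name and IP from the report.
    msg["Received"] = ("from sonic315-15.consmr.mail.bf2.yahoo.com ([74.6.134.125]) "
                       "by mx.example.test with ESMTP; Tue, 30 Jun 2020 12:07:50 +0000")
    msg["From"] = "ALOROBA.Cont.Co. L.L.C <d_rojas.borgatta@yahoo.com>"
    msg["Reply-To"] = "ALOROBA.Cont.Co. L.L.C <hunt-greg@hotmail.com>"
    msg["To"] = "victim@example.test"
    msg["Subject"] = "INV&SWIFT E20/001828 GWENT"
    msg.set_content("Please find attached.")
    # Fake attachment: OLE2 magic plus padding, NOT the real 176 KiB sample.
    msg.add_attachment(OLE2_MAGIC + b"\x00" * 64, maintype="application",
                       subtype="vnd.ms-excel", filename="11203780.xls")
    return msg


def triage(msg: EmailMessage) -> dict:
    """Return the heuristics that fire on `msg`, keyed by finding name."""
    findings = {}
    from_dom = domain_of(msg["From"])
    reply_dom = domain_of(msg["Reply-To"])
    # 1. Reply-To on a different domain than From: replies to the lure go to a
    #    mailbox the actor controls, not to the (possibly hijacked) sender.
    if reply_dom and reply_dom != from_dom:
        findings["reply_to_mismatch"] = (from_dom, reply_dom)
    # 2. HELO host vs From domain. Here both are yahoo.com (real webmail
    #    infrastructure), so this does NOT fire: path checks alone miss this mail.
    received = str(msg["Received"] or "")
    helo = received.split()[1] if received.startswith("from ") else ""
    if from_dom and helo and not (helo == from_dom or helo.endswith("." + from_dom)):
        findings["helo_mismatch"] = (helo, from_dom)
    # 3. Financial lure words in the subject (substring match, deliberately loose).
    subject = str(msg["Subject"] or "").lower()
    hits = [w for w in LURE_WORDS if w in subject]
    if hits:
        findings["subject_lure"] = hits
    # 4. Attachments that are legacy Office documents by extension or by magic.
    risky = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        if name.endswith(RISKY_EXT) or data.startswith(OLE2_MAGIC):
            risky.append({"name": name, "ole2": data.startswith(OLE2_MAGIC)})
    if risky:
        findings["risky_attachments"] = risky
    return findings


def triage_raw(raw: bytes) -> dict:
    """Same checks on an RFC 5322 message as pulled from a mailbox or MTA queue."""
    return triage(email.message_from_bytes(raw, policy=policy.default))


if __name__ == "__main__":
    for name, value in triage(build_sample()).items():
        print(f"{name}: {value}")
```

The point of check 2 firing on nothing is the lesson: a real Yahoo account sending through Yahoo's own MTAs looks clean to SPF-style reasoning, which is why the Reply-To mismatch and the attachment type are the signals worth alerting on for this campaign.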

Intelligence


Mail intelligence
Trap location: Global
Impact: Low
# of uploads: 2
# of downloads: 27
Origin country: US

ClamAV: TwinWave.EvilDoc.WSHCROVARCHRMATHLONGGONE.20200524.UNOFFICIAL

CERT.PL MWDB
Detection: n/a
Link: https://mwdb.cert.pl/sample/7c3822b0015e740bb3e9a1c4d0d5da368cae8117a820152377d41de49ff3ca36/

ReversingLabs
Status: Malicious
Threat name: Document-Word.Trojan.Sagent
First seen: 2020-06-30 12:09:05 UTC
AV detection: 7 of 31 (22.58%)
Threat level: 2/5

Spamhaus Hash Blocklist: Malicious file

Hatching Triage
Score: 10/10
Malware Family: agenttesla
Link: https://tria.ge/reports/200630-qscm33xjcj/
Tags: keylogger trojan stealer spyware family:agenttesla

VirusTotal: 29.03% detection

Yara Signatures


Rule name: Agenttesla_type2
Author: JPCERT/CC Incident Response Group
Description: detect Agenttesla in memory
Reference: internal research

Rule name: CAP_HookExKeylogger
Author: Brian C. Bell -- @biebsmalwareguy
Reference: https://github.com/DFIRnotes/rules/blob/master/CAP_HookExKeylogger.yar

Rule name: SharedStrings
Author: Katie Kleemola
Description: Internal names found in LURK0/CCTV0 samples

Rule name: win_agent_tesla_w1
Author: govcert_ch
Description: Detect Agent Tesla based on common .NET code sequences

File information


The table below shows additional information about this malware sample, such as delivery method and external references.

Malspam
AgentTesla
Excel file xls 7c3822b0015e740bb3e9a1c4d0d5da368cae8117a820152377d41de49ff3ca36 (this sample)

Delivery method: Distributed via e-mail attachment

Comments