MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7c4a42835a7782a51e8463dcaa36df09e6fbe571a79008470e6f25d6a7fc0625. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7c4a42835a7782a51e8463dcaa36df09e6fbe571a79008470e6f25d6a7fc0625
SHA3-384 hash: ed89db459d8938a8b3dc63975fb986455d05a0e0839009f276e116f2d183d7f75767d7f4071ad6679c068e9527df493d
SHA1 hash: 4b12781868c6ee408596967528ae193add5f0632
MD5 hash: 3ef5952fc7dd0e8737e12913c437baba
humanhash: yellow-kansas-washington-vegan
File name:Order Inquiry5500298705.img
Download: download sample
Signature AgentTesla
Create hunting rule
File size:557'056 bytes
First seen:2020-10-15 17:23:27 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 12288:bpV4sdpJumyNZ0JhNqBeSoUFxee9G7Muegxr:bpjJuI9
TLSH 33C46BB86948966DF95E4C73CC9D08E351387C5FCD87F2C768072AC88D2A541EAB21BD
Reporter abuse_ch
Tags:AgentTesla img


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: gasarabian.com
Sending IP: 5.206.224.128
From: Mohammed Aquib <aqiub@gasarabian.com>
Subject: New Inquiry RFQ#5500298704
Attachment: Order Inquiry5500298705.img (contains "Order Inquiry#5500298705.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
77
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/7c4a42835a7782a51e8463dcaa36df09e6fbe571a79008470e6f25d6a7fc0625/
Threat name:
ByteCode-MSIL.Infostealer.Stelega
Create hunting rule
Status:
Malicious
First seen:
2020-10-15 14:30:25 UTC
AV detection:
9 of 48 (18.75%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=prfefa22o6bkkhuempokunw7bhtpxzlru6iaqryon4s5nj74aysq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/7c4a42835a7782a51e8463dcaa36df09e6fbe571a79008470e6f25d6a7fc0625

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

img 7c4a42835a7782a51e8463dcaa36df09e6fbe571a79008470e6f25d6a7fc0625

(this sample)

AgentTesla

Executable exe 61a57f66dd47818dbde83c6b2eae0bfe5ecac215605e3fac4c4a2a30c270cc04

  
Dropping
MD5 c44e9a760b9364f27e728f0fd6e37490
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 61a57f66dd47818dbde83c6b2eae0bfe5ecac215605e3fac4c4a2a30c270cc04

Comments