MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7c9d8eb662c655cd9dfc30fcb10e086386193d61f7306fd75637d8eeb8badd45. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7c9d8eb662c655cd9dfc30fcb10e086386193d61f7306fd75637d8eeb8badd45
SHA3-384 hash: 9e9dac719bb964ec6bea596acebb60db14011409a1ea77adc5b6dff5b878024b389efd201e257c8117088c436ab88103
SHA1 hash: 53f5714e41c3d61677d07cc9d138df20913546be
MD5 hash: f7b2af2fdae8835266c03596a00e32f1
humanhash: uncle-lima-romeo-sodium
File name:confirm PI#10020210546.img
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'638'400 bytes
First seen:2021-10-08 08:07:28 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 12288:zzwA0fDyL9pD3n+0SN8AXL0zVmc9zvF2A8k+RL4:4x+L7D3+1N8wL0R1ldX8k88
TLSH T13C7506002695C701D1B637F5D860CAF093656C55EA29C28B2DF1BEDB79B1B03CE11AAF
Reporter cocaman
Tags:AgentTesla img


Avatar
cocaman
Malicious email (T1566.001)
From: "Nasser (AW WONG LTD) <nasser.h@awwong.com>" (likely spoofed)
Received: "from awwong.com (unknown [185.222.58.155]) "
Date: "7 Oct 2021 20:16:47 +0200"
Subject: "New FCL Order - Order IS01OCT5"
Attachment: "confirm PI#10020210546.img"

Intelligence

File Origin
# of uploads :
1
# of downloads :
172
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.BackDoor.SpyBotNET.25.21178.18311.UNOFFICIAL
Create hunting rule

Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
monero obfuscated packed
Link:
https://www.filescan.io/uploads/615ffc65e3d213d202bb378a/reports/4f4eacd4-b44b-4285-8ff2-6d319279763c/overview
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/7c9d8eb662c655cd9dfc30fcb10e086386193d61f7306fd75637d8eeb8badd45/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2021-10-08 08:08:08 UTC
File Type:
Binary (Archive)
Extracted files:
35
AV detection:
17 of 28 (60.71%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=psoy5ntcyzk43hp4gd6lcdqimodbsplb64yg7v2wg7mo5of23vcq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/7c9d8eb662c655cd9dfc30fcb10e086386193d61f7306fd75637d8eeb8badd45

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

img 7c9d8eb662c655cd9dfc30fcb10e086386193d61f7306fd75637d8eeb8badd45

(this sample)

AgentTesla

Executable exe 4e7451de9580ec0fb96acccc20fbfcc867e96250dc7acfce5032417d8f3b1b82

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 4e7451de9580ec0fb96acccc20fbfcc867e96250dc7acfce5032417d8f3b1b82
  
Dropping
AgentTesla

Comments