MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7de5607a4d813b02830c68e50fcef26e5a647865d5ba65e4a2fa6b57b940c038. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	7de5607a4d813b02830c68e50fcef26e5a647865d5ba65e4a2fa6b57b940c038
SHA3-384 hash:	c118d8766a182c861ef8c5f073be5e61ff59826ba3ac7c1cea5cd84ec282cef7c5ea6f4189d8206f864e3a95ef4b15c6
SHA1 hash:	b863c5f2a8bbc81a1fc9c2e265602be6f14169ca
MD5 hash:	c054272141305595d7c39457d58e857e
humanhash:	lemon-hotel-sodium-ink
File name:	ITEMS_LIST.iso
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	385'024 bytes
First seen:	2021-03-04 06:21:19 UTC
Last seen:	Never
File type:	iso
MIME type:	application/x-iso9660-image
ssdeep	6144:u9mey4JlCjm+2biRxDtZUpryD2grg3o57DnHvOcvhjNp/tT8LxBjZ:Ezr6Z8pWKI57zHvBHtW
TLSH	AF841216F6E088B7E12647B9482BB37CFA33B51090721997BBEC2C595B637835E0D346
Reporter	fabjer
Tags:	iso

Intelligence

File Origin

# of uploads :

1

# of downloads :

95

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

Win.Trojan.Neshuta-1

PUA.Win.Packer.Pequake-4

Sanesecurity.Rogue.0hr.20210304-0306.UNOFFICIAL

Win.Virus.Neshta-7101689-0

PUA.Win.Downloader.Soft32downloader-6691270-0

PUA.Win.Adware.Slugin-6840354-0

Win.Trojan.Jadtre-5

Result

Verdict:

MALICIOUS

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/7de5607a4d813b02830c68e50fcef26e5a647865d5ba65e4a2fa6b57b940c038/

Threat name:

Win32.Virus.Neshta

Status:

Malicious

First seen:

2021-03-04 00:50:20 UTC

AV detection:

28 of 48 (58.33%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=pxswa6snqe5qfaymndsq7txsnzngi6df2w5glzfc7jvvpokaya4a._file

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/7de5607a4d813b02830c68e50fcef26e5a647865d5ba65e4a2fa6b57b940c038

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

iso 7de5607a4d813b02830c68e50fcef26e5a647865d5ba65e4a2fa6b57b940c038

(this sample)

exe 94cea10956f43a889c8714c742cb10e57b44919a05c2c4703d3111acc5d6aafc

Dropping

SHA256 94cea10956f43a889c8714c742cb10e57b44919a05c2c4703d3111acc5d6aafc

Delivery method

Distributed via e-mail attachment

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample