MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7e9effee68d07a3300af5033b7af9d6eed4dcea6f5dd2d73025ec418d57fa6fb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7e9effee68d07a3300af5033b7af9d6eed4dcea6f5dd2d73025ec418d57fa6fb
SHA3-384 hash: 33db74dc3fc633d82c8fa47923706b7327e53969bb745b66fecb1a6254dbca54bfeb87a93547f4775307325ac0e451e0
SHA1 hash: afaca5fec100e1e294f76e14e8e3e6b83b5427af
MD5 hash: 2fa390f69454d920868d29b9a02dfffe
humanhash: ack-coffee-sad-lemon
File name:MT103RIF100820-PDF_________________________________________________.gz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:455'266 bytes
First seen:2020-08-13 13:39:18 UTC
Last seen:Never
File type: gz
MIME type:application/x-rar
ssdeep 12288:r2s7uDavMu5R9rBnm+AZ03JL/yhGxTNA4G9qsSLDAH/c94j:6s7uDavMuFNn9AZoJO8xTCIt2p
TLSH 09A423FF9511D3598683B576F5120BCEDD22BEC6B02CBD3D9A999828A7B348474C090F
Reporter abuse_ch
Tags:AgentTesla gz


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: jinasia.com
Sending IP: 185.222.57.80
From: "진아산업"% <jinasia@jinasia.com>
Subject: Fwd: MT103RIF100820
Attachment: MT103RIF100820-PDF_________________________________________________.gz (contains "MT103RIF100820-PDF_________________________________________________.gz.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
64
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/7e9effee68d07a3300af5033b7af9d6eed4dcea6f5dd2d73025ec418d57fa6fb/
Threat name:
Win32.Backdoor.NanoCore
Create hunting rule
Status:
Malicious
First seen:
2020-08-13 13:41:07 UTC
AV detection:
11 of 48 (22.92%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=p2pp73ti2b5dgafpkaz3pl45n3wu3tvg6xos24ycl3cbrvl7u35q._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/7e9effee68d07a3300af5033b7af9d6eed4dcea6f5dd2d73025ec418d57fa6fb

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz 7e9effee68d07a3300af5033b7af9d6eed4dcea6f5dd2d73025ec418d57fa6fb

(this sample)

AgentTesla

Executable exe 09e71602eb0764d2729c47a67c19d64deecca8aa175b529f271cf72795725502

  
Dropping
MD5 cdca6a54649a21b1e7458999431b4986
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 09e71602eb0764d2729c47a67c19d64deecca8aa175b529f271cf72795725502

Comments