MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7ea4f57888367a2f6163cfea2d68cf01c7a0f60f26289a1919d3dd966f54ed7a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3



SHA256 hash: 7ea4f57888367a2f6163cfea2d68cf01c7a0f60f26289a1919d3dd966f54ed7a
SHA3-384 hash: dae56bc91f7fa4cb9c450c52010fb65f664242e51d8f5baf6e9a4b329f3c37087915605c4bc16836aedec542437d2cb4
SHA1 hash: 773e7bf79f16854f33b8aadc2ad806cd43f492b4
MD5 hash: 5dbe9b361b309904724fd00aafe3694f
humanhash: romeo-paris-beer-crazy
File name: DSV_GR__316_25092020PDF.7z
Signature: AgentTesla
File size: 549'340 bytes
First seen: 2020-10-05 11:39:33 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:2ZuK8wBU+Kq82F3NF9ccojiFKVKiaewSpL7TWhTpaIOVQ8yiqMSW:2ZuKFuTs3mjaKVKi/wS1fVQ8yiqMSW
TLSH: 19C4230A49B6756BF14991D2470385C7CB30C90A0D4CD23AAADBC86AEDDDDB815ECE7C
Reporter: abuse_ch
Tags: 7z AgentTesla


abuse_ch
Malspam distributing AgentTesla:

HELO: host.adtxeral.com
Sending IP: 89.248.107.19
From: Eleni Georgiadou - DSV <eleni.georgiadou@gr.dsv.com>
Subject: Σ10070-MERIDIAN-ΟΓΚΟ ΚΑΙ ΛΕΠΤΟΜΕΡΕΙΕΣ ΦΟΡΤΩΣΗΣ
Attachment: DSV_GR__316_25092020PDF.7z (contains "DSV_GR__316_25092020PDF.exe")

AgentTesla FTP exfil server:
ftp.solarcenter.ro:21

Intelligence


File Origin
# of uploads: 1
# of downloads: 98
Origin country: n/a
Vendor Threat Intelligence
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 7ea4f57888367a2f6163cfea2d68cf01c7a0f60f26289a1919d3dd966f54ed7a (this sample)

Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
