MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7f1c1a24d37a7017e4c8c2f3bf68f524a2ad523869a358f56c058466ebaaadf8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7f1c1a24d37a7017e4c8c2f3bf68f524a2ad523869a358f56c058466ebaaadf8
SHA3-384 hash: 570e9050c29a5d14807f47c686a465a8bdc7f7072345782515dbab9db8deccba569848ae0a5588eae1ad24f3233c9b8e
SHA1 hash: 5d05cc1c69bed68ca63b06b38c8b082d8e328521
MD5 hash: c002cb73045f0f1eb1fd8bb84ff978c3
humanhash: moon-bulldog-alanine-november
File name:a befizetést igazoló.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:416'244 bytes
First seen:2020-06-23 14:25:43 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:f+j8WvtqF+uW+UTACA+ZyDyTx9i7jR90Finv8ta73nOAuiqnH4WwPad8FNtwXJex:m2WAZ+UDAuRw8+AuiqnHdwSdUNqJKf
TLSH 19942362F50CF69ACE615B81AE61F8368E2DA13157AE4174B1E48C205F57AA363FCC07
Reporter abuse_ch
Tags:AgentTesla geo HUN rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: ultron8.titaniumsystem.es
Sending IP: 49.12.121.235
From: "i.fakete" <i.fakete@austrodiesel.axelero.net>
Subject: a befizetést igazoló
Attachment: a befizetést igazoló.rar (contains "doc_230620.exe")

AgentTesla SMTP exfil server:
mail.axb.pt:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
80
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/7f1c1a24d37a7017e4c8c2f3bf68f524a2ad523869a358f56c058466ebaaadf8/
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-06-23 14:27:03 UTC
AV detection:
19 of 31 (61.29%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=p4obujgtpjybpzgiylz362hvesrk2uryngrvr5lmawcgn25kvx4a._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 7f1c1a24d37a7017e4c8c2f3bf68f524a2ad523869a358f56c058466ebaaadf8

(this sample)

AgentTesla

Executable exe 20d9b3f41efb5490b00ffa6a8836dc9f9d379bbf1cce07fd022f641d162649bf

  
Dropping
MD5 488aa2585ba062ca31f8c7f8bfe878dc
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 20d9b3f41efb5490b00ffa6a8836dc9f9d379bbf1cce07fd022f641d162649bf

Comments