MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7f627f2a810785ed339f1154aa4ed40be601ed82f653ff9c41366963e13789c9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7f627f2a810785ed339f1154aa4ed40be601ed82f653ff9c41366963e13789c9
SHA3-384 hash: a5aad33290791ed71ca9f860d6713971087f03c2f22efcc0393744dbe07a8bd9fce338f8dd1bc6676c56b689492b175c
SHA1 hash: 0b80189fe76f1e8cba78cc9d8b63e21add7e125e
MD5 hash: a2c7b1782b54ba5c006e29def9232ea7
humanhash: oranges-spring-foxtrot-venus
File name:SOA.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'063'764 bytes
First seen:2020-08-20 06:16:30 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 24576:hZSHP99wIvMMirS+qC7es8G2BrDR0dhoG1Gr2zxg6wQ:GP/MWo2BGDoGAWx9
TLSH 313533D5A5B5C4DAA243A3D3C8082DE1AED6DE616D7C3EC72E1BC9010A513D39E3C92D
Reporter cocaman
Tags:AgentTesla zip


Avatar
cocaman
Malicious email
From: ADMIN <cas@environment.go.ke>
Received: from mail.environment.go.ke (unknown [41.89.1.174])
Date: Thu, 20 Aug 2020 05:01:47 +0300 (EAT)
Subject: Fwd: UPDATED STATMENT OF Account..
Attachment: SOA.zip

Intelligence

File Origin
# of uploads :
1
# of downloads :
83
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/7f627f2a810785ed339f1154aa4ed40be601ed82f653ff9c41366963e13789c9/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-08-20 06:18:07 UTC
File Type:
Binary (Archive)
Extracted files:
23
AV detection:
20 of 29 (68.97%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=p5rh6kuba6c62m47cfkkutwubptad3mc6zj77hcbgzuwhyjxrheq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Trojan
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/7f627f2a810785ed339f1154aa4ed40be601ed82f653ff9c41366963e13789c9

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 7f627f2a810785ed339f1154aa4ed40be601ed82f653ff9c41366963e13789c9

(this sample)

AgentTesla

Executable exe 70702736a096d0a983d9f92b221c5fc29998107a4c9d84048611fc946c3d011a

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 70702736a096d0a983d9f92b221c5fc29998107a4c9d84048611fc946c3d011a
  
Dropping
AgentTesla

Comments