MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7fa4250eb5e3a7d1a40afd487df3e51a328ab4b8f3a7ed7fc878e7051bb5b823. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 3

SHA256 hash: 7fa4250eb5e3a7d1a40afd487df3e51a328ab4b8f3a7ed7fc878e7051bb5b823
SHA3-384 hash: 80c7b348dc852a174a170bbf2522a730f949087c7e8e767c7d269df7dc2053095cd84f4a0e84acbc74e8b7fa780f5174
SHA1 hash: 9ad1ee768310f2343d62fd9c1e21d5c347d0e0dd
MD5 hash: ffb4b964e87a47562c80baf61e7e2869
humanhash: spaghetti-jig-king-island
File name: RFQ CSDOK202040890.rar
Signature: AgentTesla
File size: 17'651 bytes
First seen: 2021-02-22 07:25:51 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 384:YM5x4NhGsZltRZyK8oXnxSHAzK8Vrli22rq3TNmTWIFacukyx7h2Hl:pABtnyNYxSIVlqrE5gWI49h2Hl
TLSH: 1782E14B0B3295524443A12BD3F5F3AF913506589212DB4D43DA56C3E3FE0A17FE8CA8
Reporter: abuse_ch
Tags: rar


abuse_ch
Malspam distributing unidentified malware:

HELO: server.sardsgroup.com
Sending IP: 50.7.154.162
From: OLA KHALIL <ola@chesles.com>
Subject: Request for Quotation - Supply & Delivery of Items
Attachment: RFQ CSDOK202040890.rar (contains "RFQ CSDOK202040890.exe")

Intelligence

File Origin
# of uploads: 1
# of downloads: 106
Origin country: n/a

Vendor Threat Intelligence
Result
Verdict: SUSPICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Malspam
Signature: AgentTesla
Sample: rar 7fa4250eb5e3a7d1a40afd487df3e51a328ab4b8f3a7ed7fc878e7051bb5b823 (this sample)

Delivery method: Distributed via e-mail attachment

Comments