MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7fa9dbc315e48186cac961b1a3a1caaff87bfd1e5f49bff3ebc2bbb5900c265e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 8


Intelligence 8 IOCs YARA 18 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7fa9dbc315e48186cac961b1a3a1caaff87bfd1e5f49bff3ebc2bbb5900c265e
SHA3-384 hash: 9f001812809d7c884aa559787bd7798184256ffd0da3b037729eaacfb4f2169c09eddcbe2c9753dd00e7a12058b5735f
SHA1 hash: 643872e04b0402bf194bd941c5c949a1ec7ef4b0
MD5 hash: a32209e5f45970d49f0f92700ebb723e
humanhash: east-purple-edward-seventeen
File name:New_Orders 182025.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:441'358 bytes
First seen:2025-02-18 20:36:23 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:OcXq46AGLQ/U0LSayosxmD74httsCwMWUaDU:/J6AQ+UOSHosxmqtpw3C
TLSH T19E9423B94A10BE1058823F3A2D51EF5144E647DCAC8DE50904EB8D4648E1BDEE396BFF
Magika zip
Reporter cocaman
Tags:AgentTesla zip


Avatar
cocaman
Malicious email (T1566.001)
From: "Vajra Alloys, Pune<contact@vajraalloys.co.in>" (likely spoofed)
Received: "from vajraalloys.co.in (216-131-77-250.ord.as62651.net [216.131.77.250]) "
Date: "18 Feb 2025 12:35:18 -0800"
Subject: "New requirement Orders"
Attachment: "New_Orders 182025.zip"

Intelligence

File Origin
# of uploads :
1
# of downloads :
138
Origin country :
CH CH
File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name:New_Orders 182025.com
File size:1'354'864 bytes
SHA256 hash: 022ea38dadfe09c2538d91cc4938406ac328aabc9bafcfb8f794c980e1a25fb5
MD5 hash: 316893960bc3f95b86ee1290caf5477f
MIME type:application/x-dosexec
Signature AgentTesla
Vendor Threat Intelligence
Verdict:
Malicious
Score:
90.2%
Link:
https://cyber-fortress.com/docs/result/index.php?id=67b47bc528ab76d43a5b9fa8
Tags:
smartassembly packed virus
Result
Verdict:
Unknown
File Type:
ZIP File
Link:
https://app.docguard.net/7fa9dbc315e48186cac961b1a3a1caaff87bfd1e5f49bff3ebc2bbb5900c265e/results/dashboard
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
invalid-signature masquerade obfuscated obfuscated obfuscated overlay packed signed smart_assembly
Link:
https://www.filescan.io/uploads/67b4ef81de5f893502e0c25a/reports/539d5222-c261-4fa7-9e5f-b6029228533b/overview
Verdict:
Suspicious
Labled as:
Trojan.U.AgentTesla
Link:
https://www.hybrid-analysis.com/sample/7fa9dbc315e48186cac961b1a3a1caaff87bfd1e5f49bff3ebc2bbb5900c265e
Result
Verdict:
MALICIOUS
Link:
https://labs.inquest.net/dfi/sha256/7fa9dbc315e48186cac961b1a3a1caaff87bfd1e5f49bff3ebc2bbb5900c265e
Score:
85%
Verdict:
Malware
File Type:
ARCHIVE
Link:
https://malprob.io/report/7fa9dbc315e48186cac961b1a3a1caaff87bfd1e5f49bff3ebc2bbb5900c265e
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/7fa9dbc315e48186cac961b1a3a1caaff87bfd1e5f49bff3ebc2bbb5900c265e/
Threat name:
Win32.Spyware.Negasteal
Create hunting rule
Status:
Suspicious
First seen:
2025-02-18 10:21:30 UTC
File Type:
Binary (Archive)
Extracted files:
2
AV detection:
18 of 37 (48.65%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=p6u5xqyv4saynswjmgy2hiokv74hx7i6l5e3747lyk53leamezpa._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.03
Link:
https://yomi.yoroi.company/submissions/7fa9dbc315e48186cac961b1a3a1caaff87bfd1e5f49bff3ebc2bbb5900c265e

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:INDICATOR_EXE_Packed_SmartAssembly
Create hunting rule
Author:ditekSHen
Description:Detects executables packed with SmartAssembly
Rule name:NET
Create hunting rule
Author:malware-lu
Rule name:PE_Digital_Certificate
Create hunting rule
Author:albertzsigovits
Rule name:pe_imphash
Create hunting rule
Rule name:reverse_http
Create hunting rule
Author:CD_R0M_
Description:Identify strings with http reversed (ptth)
Rule name:Skystars_Malware_Imphash
Create hunting rule
Author:Skystars LightDefender
Description:imphash
Rule name:Sus_Obf_Enc_Spoof_Hide_PE
Create hunting rule
Author:XiAnzheng
Description:Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique(can create FP)
Rule name:svg_attached_js_code
Create hunting rule
Author:Anish Bogati
Description:Detects suspicious SVG files with JS code and base 64 encoding
Rule name:test_Malaysia
Create hunting rule
Author:rectifyq
Description:Detects file containing malaysia string

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 7fa9dbc315e48186cac961b1a3a1caaff87bfd1e5f49bff3ebc2bbb5900c265e

(this sample)

AgentTesla

Executable exe 022ea38dadfe09c2538d91cc4938406ac328aabc9bafcfb8f794c980e1a25fb5

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 022ea38dadfe09c2538d91cc4938406ac328aabc9bafcfb8f794c980e1a25fb5
  
Dropping
AgentTesla

Comments