MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 87ea6fb1fc1223e369459185cdb2933847f6ad84ae2ac2f5048a36c38e865178. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3



SHA256 hash: 87ea6fb1fc1223e369459185cdb2933847f6ad84ae2ac2f5048a36c38e865178
SHA3-384 hash: d4f7370d869aacf1ac67ad8172db5b27a77edade46be07ad627a97807971155c1d0a45066328990e5cddd9d07dd5cb2c
SHA1 hash: 377f01d46b12a29e62f836f22094b911ea7a0541
MD5 hash: 9f5458d9c8fca99bd8ab7ec6d16f9089
humanhash: nitrogen-vermont-comet-harry
File name: Inquiry PV-008-19.7z
Signature: AgentTesla
File size: 8'127 bytes
First seen: 2021-04-06 08:21:01 UTC
Last seen: 2021-04-06 18:56:42 UTC
File type: 7z
MIME type: application/x-7z-compressed
ssdeep: 192:VociPMXNrmssuXDuZD5vG/GjCkduVUk/gbJ/H3oIb7p3Nd:GciMXNrmjuXo0QCkIVk/3oIp/
TLSH: 36F19E0A1683665DFF52F0BDEC0AD9D11B400DFEEFC0BA3A5124A156992CDC6FBBA015
Reporter: abuse_ch
Tags: 7z


abuse_ch
Malspam distributing unidentified malware:

HELO: perfect-ventures.com
Sending IP: 103.147.184.72
From: Knaik Naik <knaik@perfect-ventures.com>
Subject: RE: Perfect Ventures inquiry PV-008-19
Attachment: Inquiry PV-008-19.7z (contains "Inquiry PV-008-19.exe")

Intelligence


File Origin
# of uploads: 2
# of downloads: 134
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: SUSPICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

7z 87ea6fb1fc1223e369459185cdb2933847f6ad84ae2ac2f5048a36c38e865178 (this sample)

Delivery method: Distributed via e-mail attachment
