MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 94ea0cfc2334b32c578f85478968b2e2115ffc0b408ddb4ba70d65e5a92d755c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3



SHA256 hash: 94ea0cfc2334b32c578f85478968b2e2115ffc0b408ddb4ba70d65e5a92d755c
SHA3-384 hash: eeab2eaf125f67b5ab05f2c6bd656d56484668e1342ac366067b02644b0bc449c541bf1f607d2cf7a433c58a87018025
SHA1 hash: 7867ae0752dacf4676d0657103a5a27878a77b7a
MD5 hash: 2349d86fd0959493141e22fccdf2bb8f
humanhash: apart-papa-two-may
File name: αριθμός παραγγελίας. 21130250321.7z
Signature: AgentTesla
File size: 252'889 bytes
First seen: 2021-03-25 10:15:14 UTC
Last seen: Never
File type: 7z
MIME type: application/x-7z-compressed
ssdeep: 6144:kxuDg9ffP4yAYdUMNGW9PTRABzrxBIbUCGxcR7ZQC1:kx2g9ffDhGWxmXIbUCjrJ
TLSH: 9534234BCF9011E6EB6089DBD8305E64D0E7FCA9B46A2944DC12044D87FD3A31FE662E
Reporter: abuse_ch
Tags: 7z geo GRC


abuse_ch
Malspam distributing unidentified malware:

HELO: relay1.validname.com
Sending IP: 185.65.56.195
From: Dana Fakiri <dfakirl@lino.gr>
Subject: αριθμός παραγγελίας. 21130-250321
Attachment: αριθμός παραγγελίας. 21130250321.7z (contains "αριθμός παραγγελίας. 21130250321.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 140
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Trojan.Generic
Status: Suspicious
First seen: 2021-03-25 10:16:09 UTC
AV detection: 5 of 48 (10.42%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

7z 94ea0cfc2334b32c578f85478968b2e2115ffc0b408ddb4ba70d65e5a92d755c (this sample)

Delivery method
Distributed via e-mail attachment
