MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 97294c3306a417bf5d8f75d621c0cc538eb4fa6343e12a09b49f831b79ea1869. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 97294c3306a417bf5d8f75d621c0cc538eb4fa6343e12a09b49f831b79ea1869
SHA3-384 hash: 2464839c6e085bc291e844d4db62cfb9b90ada077eb0c3ac1d6f95f47b2de0562f0108230bd09c398801a178c73b3a9f
SHA1 hash: df67c2c17cc12fd4b07b941c49c394f5b1277a32
MD5 hash: efab17425964fde1c1216b0be6b41273
humanhash: snake-avocado-carpet-fruit
File name:mla.pdf.7z
Download: download sample
Signature AgentTesla
Create hunting rule
File size:969'753 bytes
First seen:2020-06-08 08:37:59 UTC
Last seen:Never
File type: 7z
MIME type:application/x-rar
ssdeep 24576:CcBCOh7URCJOqmALmSwK49Ue7s5b+AfBjja:r7mcwRUe7s5JfBa
TLSH C425335D1221C21758776BA3C3B3D4944AD771BE3F6F63D8901CF68CE86A23D2D28A16
Reporter abuse_ch
Tags:7z AgentTesla geo HUN


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: gelf23.thinline.cz
Sending IP: 91.239.200.72
From: János <accountant@OTPBank.hu>
Subject: Re: Fizetés_számla visszaigazolás
Attachment: mla.pdf.7z (contains "mla.pdf.exe")

AgentTesla FTP exfil server:
ftp.tde.ro:21

Intelligence

File Origin
# of uploads :
1
# of downloads :
64
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-06-08 08:39:05 UTC
AV detection:
15 of 29 (51.72%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=s4uuymyguql36xmpoxlcdqgmkohlj6tdipqsucnut6brw6pkdbuq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

7z 97294c3306a417bf5d8f75d621c0cc538eb4fa6343e12a09b49f831b79ea1869

(this sample)

AgentTesla

Executable exe f0f7c7b28fe0b5fb53e8290155ea85336b409d919d9d13db4505ac70dbaaf6c1

  
Dropping
MD5 e8355118a211d81eee4632bbdef3cede
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 f0f7c7b28fe0b5fb53e8290155ea85336b409d919d9d13db4505ac70dbaaf6c1

Comments