MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 aa7f7809e4db75e8324e5800acecc1fbcd93b5693db727c79145bdbc293b3539. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: aa7f7809e4db75e8324e5800acecc1fbcd93b5693db727c79145bdbc293b3539
SHA3-384 hash: 971cb7b6b758ec4e109008a0668f78e5e2ef61798d1d8a5fc0596727e7087485e55693f637b51939f1061e5774faa06f
SHA1 hash: 95fc0bf1451e8b46214671c43cd688435b7133c8
MD5 hash: 9ed0d57b4663083e080f5f277db732e3
humanhash: apart-hot-uranus-snake
File name:SALES ORDER INQUIRY.7Z
Download: download sample
Signature AgentTesla
Create hunting rule
File size:443'965 bytes
First seen:2020-04-30 09:31:34 UTC
Last seen:Never
File type: 7z
MIME type:application/x-rar
ssdeep 6144:1fbAActjTsAoLi6qoMXtaqNoORoyai3nMzihrvDBMsKGTNbO3vHQs8VuK+2Mzkza:elFsrVqKJUMMrv+cTlOoNJ+6CIHyFhR
TLSH 1C94239614B0EC8CF6882D2E54E4871D6B6E7B8EBA31B06CCF5919083C76124B75D3F6
Reporter abuse_ch
Tags:7z AgentTesla


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: rolkingfelt.com
Sending IP: 62.113.202.116
From: Brain<info@rolkingfelt.com>
Subject: SALES CONTRACT ORDER INQUIRY
Attachment: SALES ORDER INQUIRY.7Z (contains "SALES ORDER INQUIRY.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
81
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-04-30 09:36:33 UTC
File Type:
Binary (Archive)
Extracted files:
12
AV detection:
20 of 30 (66.67%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=vj7xqcpe3n26qmsolaakz3gb7pgzhnljhw3spr4riw63ykj3gu4q._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

7z aa7f7809e4db75e8324e5800acecc1fbcd93b5693db727c79145bdbc293b3539

(this sample)

AgentTesla

Executable exe bcc18ed33180e9661d41fc120c6008875fc214c569cc5e15a87fa93fd9e4f5f4

  
Dropping
MD5 1dfd176a3fd79f53aa817d028178327a
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 bcc18ed33180e9661d41fc120c6008875fc214c569cc5e15a87fa93fd9e4f5f4

Comments