MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d7a1add27fec8a72327fb431f92507764b29fc3adf030e208e020c8cae0414e7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 3

SHA256 hash: d7a1add27fec8a72327fb431f92507764b29fc3adf030e208e020c8cae0414e7
SHA3-384 hash: a61ce5ca4b8dc6740b4d4c878ec618f9ce1dd1d73a94d214eb9177c178999dab5723a0fdb36a90d89c57a814093a0224
SHA1 hash: b653ae6b49a3af7114caea472b95d9e0f1484d98
MD5 hash: 85fa18c858e04f9b571859d4cbd34bb7
humanhash: illinois-ink-green-golf
File name: Spec82382.xlsx.z
Signature: AgentTesla
File size: 1'043'202 bytes
First seen: 2020-06-20 05:48:36 UTC
Last seen: Never
File type: z
MIME type: application/x-rar
ssdeep: 24576:2xXcPjadv9Z83nxH0qlp5QJgjNLE6mRqlpx4Tc2a6a:sw2dFZzqlpG2jmqlpx4T8
TLSH: D42533795F127CECD60E5D32C9F65F90B95C98CE248939342ACF7715088B8B8B6B8C84
Reporter: abuse_ch
Tags: AgentTesla z


abuse_ch
Malspam distributing AgentTesla:

HELO: serve0.zjcimic.pw
Sending IP: 104.168.148.163
From: John Hodge <jhodge@fabricandyarn.net>
Subject: RE: Specification
Attachment: Spec82382.xlsx.z (contains "Spec#82382.xlsx.exe")

AgentTesla SMTP exfil server:
mail.granisa.com.br:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 74
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2020-06-20 05:50:06 UTC
AV detection: 9 of 48 (18.75%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: AgentTesla, z, d7a1add27fec8a72327fb431f92507764b29fc3adf030e208e020c8cae0414e7 (this sample)
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment

Comments