MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 df745edcaf0b35950e4ff93fe152c542feb95810dacc1fe331ed5af5f2ba09f7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: AgentTesla
Vendor detections: 3

SHA256 hash: df745edcaf0b35950e4ff93fe152c542feb95810dacc1fe331ed5af5f2ba09f7
SHA3-384 hash: e24d37816cc7e40d5650d1075c882df59b0a02191407e13d55ba0d465f9fb6e2f0e3714f8879e869641729bbb213ebe5
SHA1 hash: b417362599dfc56b5e9bfecb6b8e2fad31706fea
MD5 hash: 2cafee9995e0a6049e80fa8ec4fc02a2
humanhash: crazy-princess-uncle-sierra
File name: eml Bank.pdf.7z
Signature: AgentTesla
File size: 404'057 bytes
First seen: 2020-06-15 14:29:23 UTC
Last seen: Never
File type: 7z
MIME type: application/x-rar
ssdeep: 6144:1tL2mqyB1qb9aVz0wUmB6XY0/Ut9cVa1GtMRUz9+AebhQUDmdZsZZYkI4l:1Z2FyBbVzPxeUncV5MOIxyUDE8ZEC
TLSH: 7A84234D48C0B72CC9CBE898E01DBA5CA5CC2732BEC3E2766429D3EA75B517950D067B
Reporter: abuse_ch
Tags: 7z AgentTesla


abuse_ch
Malspam distributing AgentTesla:

HELO: nfil.in
Sending IP: 185.118.165.172
From: BD Shukla <bd.shukla@nfil.in>
Subject: Payment Verification
Attachment: eml Bank.pdf.7z (contains "eml Bank.pdf.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence

File Origin
# of uploads: 1
# of downloads: 71
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-06-15 14:31:04 UTC
AV detection: 20 of 29 (68.97%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: AgentTesla, 7z df745edcaf0b35950e4ff93fe152c542feb95810dacc1fe331ed5af5f2ba09f7 (this sample)
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment

Comments