MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e97ebd8f5f78875c971349b680d6b59cd1e255215ffc89f483bf5af25b6c37cc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e97ebd8f5f78875c971349b680d6b59cd1e255215ffc89f483bf5af25b6c37cc
SHA3-384 hash: cac8e77322c16b38ad58ccb16e145d4852077f96d630dda0650f12384afdd700530dd2f6eea9da4c7c75809ff94d7af3
SHA1 hash: 9d10d47053b239626fcacbf7887b5a0cc5792592
MD5 hash: 12c343f3d2ae1ec55ca425b5e6333c1b
humanhash: happy-alpha-network-hamper
File name:NEW ROM 01-002361_PDF.7z
Download: download sample
Signature AgentTesla
Create hunting rule
File size:442'626 bytes
First seen:2020-07-30 10:43:42 UTC
Last seen:Never
File type: 7z
MIME type:application/x-rar
ssdeep 6144:kx3i883RQqTeOjfHLRYKObtTsEscGD2mt0bQ094MYG6iW8NgHJ3AvCsgXcBDB8IZ:kxSfV51otoCU09yc2pwPgM9L2hOaofp
TLSH F19423FF73E0E75530930B8D4A19248967F305267BCA4987F963B97C873782959282BC
Reporter abuse_ch
Tags:7z AgentTesla


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: de.uitn.com
Sending IP: 148.251.248.181
From: Mohamed shaban <oa05438@mellitahog.ly>
Reply-To: Mohamed shaban <soomla6384@yahoo.com>
Subject: TOP URGENT_NEW ROM: 01-002361
Attachment: NEW ROM 01-002361_PDF.7z (contains "NEW ROM 01-002361_PDF.exe")

AgentTesla SMTP exfil server:
mail.specialmetal.ir:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
72
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27271.Rar5Heur.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e97ebd8f5f78875c971349b680d6b59cd1e255215ffc89f483bf5af25b6c37cc/
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=5f7l3d27pcdvzfytjg3ibvvvtti6evjbl76it5edx5npew3mg7ga._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/e97ebd8f5f78875c971349b680d6b59cd1e255215ffc89f483bf5af25b6c37cc

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

7z e97ebd8f5f78875c971349b680d6b59cd1e255215ffc89f483bf5af25b6c37cc

(this sample)

AgentTesla

Executable exe 74284d75ec5a248c3e828f240f148fece66ad7375a779a0c14edde6edcf6e058

  
Dropping
MD5 a8fd4294be10f173372de2988987d339
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 74284d75ec5a248c3e828f240f148fece66ad7375a779a0c14edde6edcf6e058

Comments