MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 032adaf22a352c817864515917c4db4297b08f52356508128ee56aa74a188d9c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 3



SHA256 hash: 032adaf22a352c817864515917c4db4297b08f52356508128ee56aa74a188d9c
SHA3-384 hash: 69268851401cacb0d66807646dfe285e2850fa0e5539ab2c2cf65d5cfc666ee113eac1eb459773f5c7057a50c4709102
SHA1 hash: e07349d908a78451a0b6432a0e377f4799c86bc6
MD5 hash: e009342f394245652b8df24db5176a32
humanhash: princess-hot-pizza-uncle
File name: ENQUIRY.rar
Signature: AgentTesla
File size: 445'335 bytes
First seen: 2020-07-10 07:31:27 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 12288:AsPo18TafKIduCeSZP0CGgR8OBig8N/QZ60ohj/yLhG:7LafuC5Gu8OGNQ6tzyLhG
TLSH: 0C9423A67DDB0BBBBCC02EAA81BD6E097445882EF9464754FCD65302234D1739263C2E
Reporter: abuse_ch
Tags: AgentTesla Endurance rar


abuse_ch
Malspam distributing AgentTesla:

HELO: 142-4-22-49.unifiedlayer.com
Sending IP: 142.4.22.49
From: jason@sigasia.org
Reply-To: oscar.martinez.carnca@gmail.com
Subject: RE:RE:ENQUIRY
Attachment: ENQUIRY.rar (contains "ENQUIRY.exe")

AgentTesla SMTP exfil server:
mail.dadupipes.com:26

Intelligence


File Origin
# of uploads: 1
# of downloads: 72
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-07-10 07:33:03 UTC
AV detection: 27 of 48 (56.25%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam (AgentTesla)
  rar 032adaf22a352c817864515917c4db4297b08f52356508128ee56aa74a188d9c (this sample)
  Dropping: AgentTesla

Delivery method: Distributed via e-mail attachment

Comments