MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 05954232357b98d634ff3e9f30a5a8cd9db26355d0debc00bf3f6ca192c84749. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 05954232357b98d634ff3e9f30a5a8cd9db26355d0debc00bf3f6ca192c84749
SHA3-384 hash: 9aba26a4e05a0007d2e8f50ca9b1dee8d7364a3934a874dd72d749468f48117182439dc3c26e4603cd95412da831c4e9
SHA1 hash: 49ad3bd75924df347ed9b7a9a922408145fc46ca
MD5 hash: d3d0885decb45d79cb82779e791063a4
humanhash: timing-nevada-papa-bluebird
File name:revise pos.pdf.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:437'435 bytes
First seen:2020-07-07 09:00:43 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:J9jqAFNSWYJthX6HsDDtB9sIWwtSkYYelJNykR:JH5eUHsDJB3PtSkYYiNh
TLSH AE942321457F1D3610E42E1268E3BA87CBD73FACC25FD31902926485C89462FA679FCE
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: 142-4-22-49.unifiedlayer.com
Sending IP: 142.4.22.49
From: Purchase Manager <marketing@majbootmhe.com>
Reply-To: Purchase Manager. <marketing@majbootmhe.com>
Subject: Revise Pos - Break up details!!!
Attachment: revise pos.pdf.zip (contains "revise pos.pdf.exe")

AgentTesla SMTP exfil server:
smtp.mail.ru:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
72
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Packer.Upx-49
Create hunting rule

PUA.Win.Packer.UpxProtector-1
Create hunting rule

PUA.Win.Packer.Upolyx-12
Create hunting rule

PUA.Win.Packer.Upx-6
Create hunting rule

PUA.Win.Packer.Upx-4
Create hunting rule

PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

Sanesecurity.Malware.25518.ZipHeur.Ext.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/05954232357b98d634ff3e9f30a5a8cd9db26355d0debc00bf3f6ca192c84749/
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-07-07 09:02:09 UTC
AV detection:
31 of 48 (64.58%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=awkuemrvpomnmnh7h2ptbjnizwo3ey2v2dplyaf7h5wkdewii5eq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 05954232357b98d634ff3e9f30a5a8cd9db26355d0debc00bf3f6ca192c84749

(this sample)

AgentTesla

Executable exe 6829d0fda2947fe416b54669b3bfa03020e2b191f412292f5b6a53abb638bcfd

  
Dropping
MD5 52c543ad20bb81f1cecc7fb1d8ca7e8a
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 6829d0fda2947fe416b54669b3bfa03020e2b191f412292f5b6a53abb638bcfd

Comments