MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 241186623c8acfd057aa28b1ce95e5c66a6bd5396846eebdc90aedbe23563f74. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3



SHA256 hash: 241186623c8acfd057aa28b1ce95e5c66a6bd5396846eebdc90aedbe23563f74
SHA3-384 hash: 79f7ef8699cd270a5ab23a9ca829d2cf4bd878294b85e6cee56ec1229f0626a4fdbb5e8009d9fe9bd2dc541d52442aec
SHA1 hash: bc6b00f4f5a223583c31d27314b6f596f5c6896a
MD5 hash: eec5ff9c19d48f510f0fa7ba2a1a2ff4
humanhash: leopard-burger-mockingbird-pennsylvania
File name: Payment-Receipt.rar
Signature: AgentTesla
File size: 442'897 bytes
First seen: 2020-06-15 16:05:06 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 12288://Rp7QPj3WiEexhzvrQK7AbYNFBJHg3vKYeO1qsykr+:/Jp7QTWXexhrT7gYo3aO1Ikr+
TLSH: 7394237A48098CE1D5E58B60F65ADC47FC85FAA7F23C6881D86E98C13A470FE75C881C
Reporter: cocaman
Tags: AgentTesla rar


cocaman
Malicious email
From: Garanti BBVA <garanti@info.garantibbva.com.tr>
Received: from srv1.demspor.com (unknown [31.169.94.221])
Date: Mon, 15 Jun 2020 16:27:10 +0100
Subject: Payment Receipt for due invoices/kindly confirm ASAP.
Attachment: Payment-Receipt.rar

Intelligence


File Origin
# of uploads: 1
# of downloads: 63
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-06-15 16:07:03 UTC
File Type: Binary (Archive)
Extracted files: 30
AV detection: 32 of 47 (68.09%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 241186623c8acfd057aa28b1ce95e5c66a6bd5396846eebdc90aedbe23563f74 (this sample)

Delivery method: Distributed via e-mail attachment
