MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2a10bb7f62760b8883dd8466db3ba54406bac49936bf6c4cdbb479fdd760c9ef. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla
Vendor detections: 3


SHA256 hash: 2a10bb7f62760b8883dd8466db3ba54406bac49936bf6c4cdbb479fdd760c9ef
SHA3-384 hash: 9894fc165765c072894d600141179b0db9555d79ef8b2d05df8f79f1a212e2c0426d3187351d95f6f9dfe0b4c3b4b7e3
SHA1 hash: 6b2fa4e75ca11e22302e55a4c9a035bc80352fbe
MD5 hash: 830fb4cba43d5392969369bdf197bce7
humanhash: jersey-rugby-fix-lion
File name: كشف حساب مستحق الدفع1.7z (Arabic: "account statement due for payment 1")
Signature: AgentTesla
File size: 1'011'788 bytes
First seen: 2020-08-27 05:38:00 UTC
Last seen: 2020-08-27 05:39:19 UTC
File type: 7z
MIME type: application/x-rar (as listed, although the file type field says 7z)
ssdeep: 24576:htd7BKTigg+Z4ZK6WqjQCg/ggGtRfotFZKXHBOqtWU:H1szZ4ZDWqjfEggmdon0Oqn
TLSH: 9925333553A41D3EBBC25C6DDC31BF297805702F82A3163AE1738A1B325EFA6562BC41
Reporter: abuse_ch
Tags: 7z AgentTesla ARE geo


abuse_ch
Malspam distributing AgentTesla:

HELO: fnadh-37.srv.cat
Sending IP: 46.16.62.196
From: Rajeswary M.R. <raji@pr-uae.com>
Reply-To: raji@pr-uae.com
Subject: كشف حساب مستحق الدفع. (Arabic: "account statement due for payment")
Attachment: كشف حساب مستحق الدفع1.7z (contains "كشف حساب مستحق الدفع1.bat"; the name means "account statement due for payment 1")

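The checks below are an added example, not code from MalwareBazaar or from abuse.ch. They reuse the digests and the malspam indicators listed in this entry and show what a triage script does with them: verify a downloaded file's hashes against the entry, sniff the archive's magic bytes instead of trusting the listed MIME label (the entry reports a 7z file as application/x-rar), and match a raw mail message against the HELO, sending IP, sender, Reply-To and attachment name from the comment above. The attachment bytes (`FAKE_7Z`) and the relay `mx.example.invalid` are constructed placeholders; the real sample is not embedded.

```python
"""Triage helpers for this MalwareBazaar entry (added example, not site code).

Hashes an attachment, checks its magic bytes against the file type and MIME
label the entry reports, and matches a raw mail message against the malspam
indicators abuse_ch posted. Sample bytes and the message are constructed.
"""
import hashlib
from email import message_from_string, policy
from email.message import EmailMessage

# Indicators copied from the entry above.
ENTRY = {
    "sha256": "2a10bb7f62760b8883dd8466db3ba54406bac49936bf6c4cdbb479fdd760c9ef",
    "sha1": "6b2fa4e75ca11e22302e55a4c9a035bc80352fbe",
    "md5": "830fb4cba43d5392969369bdf197bce7",
    "file_type": "7z",
    "mime_type": "application/x-rar",  # as listed, although the type is 7z
    "helo": "fnadh-37.srv.cat",
    "sending_ip": "46.16.62.196",
    "from_addr": "raji@pr-uae.com",
    "reply_to": "raji@pr-uae.com",
    "attachment": "كشف حساب مستحق الدفع1.7z",
}

# Archive signatures (leading bytes -> container). RAR4 continues with \x00,
# RAR5 with \x01\x00; both share this prefix.
MAGIC = [
    (b"7z\xbc\xaf\x27\x1c", "7z"),
    (b"Rar!\x1a\x07", "rar"),
    (b"PK\x03\x04", "zip"),
]
MIME_FOR = {"7z": "application/x-7z-compressed",
            "rar": "application/x-rar", "zip": "application/zip"}


def hash_sample(data: bytes) -> dict:
    """The same digests the entry lists, so a downloaded file can be verified."""
    return {name: getattr(hashlib, name)(data).hexdigest()
            for name in ("sha256", "sha1", "md5", "sha3_384")}


def hash_mismatches(data: bytes, entry: dict = ENTRY) -> list:
    """Names of the listed digests that these bytes do not reproduce."""
    digests = hash_sample(data)
    return [k for k in ("sha256", "sha1", "md5") if digests[k] != entry[k]]


def sniff_archive(data: bytes) -> str:
    """Container type from magic bytes; extension and MIME label are not trusted."""
    for magic, name in MAGIC:
        if data.startswith(magic):
            return name
    return "unknown"


def label_consistent(data: bytes, entry: dict = ENTRY) -> bool:
    """True only when magic bytes, listed file type and listed MIME type agree."""
    sniffed = sniff_archive(data)
    return sniffed == entry["file_type"] and MIME_FOR.get(sniffed) == entry["mime_type"]


def match_malspam_iocs(raw_message: str, entry: dict = ENTRY) -> list:
    """Which of the posted indicators a raw RFC 5322 message matches."""
    msg = message_from_string(raw_message, policy=policy.default)
    hits = []
    received = " ".join(str(v) for v in msg.get_all("Received", []))
    if entry["helo"] in received:
        hits.append("helo")
    if entry["sending_ip"] in received:
        hits.append("sending_ip")
    if entry["from_addr"] in str(msg.get("From", "")):
        hits.append("from")
    if entry["reply_to"] in str(msg.get("Reply-To", "")):
        hits.append("reply_to")
    for part in msg.walk():
        name = part.get_filename()  # decodes RFC 2231 filenames
        if name == entry["attachment"]:
            hits.append("attachment_name")
        elif name and name.lower().endswith(".7z"):
            hits.append("7z_attachment")
    return hits


# Constructed stand-in for the malspam: headers from the entry, a fake 7z body.
# The relay mx.example.invalid is hypothetical; the payload is not the sample.
FAKE_7Z = b"7z\xbc\xaf\x27\x1c\x00\x04" + b"\x00" * 24


def build_constructed_message() -> str:
    msg = EmailMessage()
    msg["Received"] = ("from fnadh-37.srv.cat ([46.16.62.196]) "
                       "by mx.example.invalid with ESMTP")
    msg["From"] = "Rajeswary M.R. <raji@pr-uae.com>"
    msg["Reply-To"] = "raji@pr-uae.com"
    msg["Subject"] = "كشف حساب مستحق الدفع."
    msg.set_content("see attached")
    msg.add_attachment(FAKE_7Z, maintype="application",
                       subtype="x-7z-compressed", filename=ENTRY["attachment"])
    return msg.as_string()


if __name__ == "__main__":
    raw = build_constructed_message()
    print(match_malspam_iocs(raw), sniff_archive(FAKE_7Z), label_consistent(FAKE_7Z))
```

`label_consistent` is deliberately strict: for this entry it returns False because the site's MIME label (application/x-rar) disagrees with both the 7z magic and the file type field, which is the cue to classify by magic bytes before handing the file to an extractor. The hash check uses the entry's own SHA256/SHA1/MD5 so a file pulled from elsewhere can be confirmed to be this sample before analysis.
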
Intelligence

File Origin
Uploads: 2
Downloads: 83
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-08-27 05:39:07 UTC
AV detection: 7 of 48 (14.58%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  AgentTesla
    7z 2a10bb7f62760b8883dd8466db3ba54406bac49936bf6c4cdbb479fdd760c9ef (this sample)
      Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment