MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 388d8f022a47d15b407e133203b79f6f6b95e57c5475cb91c7d2e4c635d06b8c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 388d8f022a47d15b407e133203b79f6f6b95e57c5475cb91c7d2e4c635d06b8c
SHA3-384 hash: c5abdf4943a8c681d50ffcf5f6daf38219d3fa68ec997cdddd3d43ab1253fc648a7de72a73458be231fa11b0ccd23234
SHA1 hash: b6e2dfa9378eeb7134abea39579a57c466d1a9d1
MD5 hash: eb5e4da255322b75cbc3e92d2a88e60c
humanhash: three-hawaii-burger-double
File name:Swift-copy.tbz2
Download: download sample
Signature AgentTesla
Create hunting rule
File size:431'317 bytes
First seen:2020-07-20 10:15:39 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:Mm0JuRxhEMLXQOZDwKFJErT+rilTsr9iv5Xb4x:MHJCDvXhREr2ilT89ULY
TLSH FF942327B8CBD9EAE57108442FBD0B965A2B848DCCB45CFB1D905B82844E67F727C349
Reporter abuse_ch
Tags:AgentTesla tbz2


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: esperanzaeg.com
Sending IP: 173.254.250.2
From: planning2@esperanzaeg.com
Subject: RE: Outstanding Payment
Attachment: Swift-copy.tbz2 (contains "Swift-copy.com")

AgentTesla SMTP exfil server:
mail.privateemail.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
83
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/388d8f022a47d15b407e133203b79f6f6b95e57c5475cb91c7d2e4c635d06b8c/
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-07-20 10:17:04 UTC
AV detection:
23 of 29 (79.31%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=hcgy6arki7ivwqd6cmzahn47n5vzlzl4kr24xeoh2lsmmnoqnoga._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
0.66
Link:
https://yomi.yoroi.company/submissions/388d8f022a47d15b407e133203b79f6f6b95e57c5475cb91c7d2e4c635d06b8c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 388d8f022a47d15b407e133203b79f6f6b95e57c5475cb91c7d2e4c635d06b8c

(this sample)

AgentTesla

Executable exe c6623c1d81defbb2f39224fad80aa071b99b3d08788f6cd400e9c43f9c324b0b

  
Dropping
MD5 5d9b9e9ea7584deb372cea7744c5580e
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 c6623c1d81defbb2f39224fad80aa071b99b3d08788f6cd400e9c43f9c324b0b

Comments