MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3db519db5311d98e1c676be20cda0b5964cdfd88ee5e82c4a01f15c1bc250dfc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3db519db5311d98e1c676be20cda0b5964cdfd88ee5e82c4a01f15c1bc250dfc
SHA3-384 hash: c204e5aba9ae15d56e25e3dd3128cc4e47a5c1c6e928fbbf8631fb57fbbdef85735b4d104dcc3844d6840b7c47435203
SHA1 hash: b154e6ee415eaff5779ee369a5ed5822eaf316bd
MD5 hash: 0e1a5f36ac55056ecfe556f70ebf926e
humanhash: hotel-lamp-colorado-alaska
File name:remittance advice 7.9.20.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:521'832 bytes
First seen:2020-07-09 14:55:50 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:1J0w6UYpTZthpx9TLcRZds6MzSypdelf0lvxKbEFxFpeV/J+e21HyC6:a3pXTQRZdGuypMClZKMeVxe1Hy1
TLSH DEB423699CE003ED5BF5B2649932E81B5F3FB68886D8B01233A1E15F754D5B023487A9
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mail.moleaves.ga
Sending IP: 103.109.37.47
From: Accounts Payable< admin@moleaves.ga>
Subject: EFT Remittance Advice 09.07.20
Attachment: remittance advice 7.9.20.rar (contains "remittance advice 7.9.20.exe")

AgentTesla SMTP exfil server:
smtp.empromae.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
70
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/3db519db5311d98e1c676be20cda0b5964cdfd88ee5e82c4a01f15c1bc250dfc/
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-07-09 14:57:05 UTC
AV detection:
17 of 29 (58.62%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=hw2rtw2tchmy4hdhnprazwqllfsm37mi5zpifrfad4k4dpbfbx6a._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 3db519db5311d98e1c676be20cda0b5964cdfd88ee5e82c4a01f15c1bc250dfc

(this sample)

AgentTesla

Executable exe cc71aaff5556a4053df2846a191ff63e54b3b10df75b98a3d8d5edc4c02c7d1b

  
Dropping
MD5 aa54e572432813a7d322e244339aa7b6
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 cc71aaff5556a4053df2846a191ff63e54b3b10df75b98a3d8d5edc4c02c7d1b

Comments