MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 59b14b44e86ca658268189ee4b2e9b9bac7bf37a130673b13f15ca00ce0fec6f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 4



SHA256 hash: 59b14b44e86ca658268189ee4b2e9b9bac7bf37a130673b13f15ca00ce0fec6f
SHA3-384 hash: a6629f7398bf4eabecda3bf4c3a24e26d662a1b4ed7cc17226ca556a3e61090f4db315bda76bbd86ae900b49c355f264
SHA1 hash: c5f04ecc516bf10d7bd326b3d604e5c2739ebe30
MD5 hash: 9f6a1a4df2e2ea1981539f06fae5ef7a
humanhash: nitrogen-orange-michigan-ohio
File name: Order for Purchase.rar
Signature: AgentTesla
File size: 366'141 bytes
First seen: 2020-07-24 05:32:16 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 6144:/vZ6XDJyLhmsDS1HLWB3aeXEdkzBn4gEFL50qOwpIBQU0VGH3FAs7mEr:oXAtm7J03Zpyg2OgIB8c3FPr
TLSH: 0E74236284ACDE276823C02ABC5B6B4F6371FF12570BCD507D0B52A7EC2929469B7173
Reporter: cocaman
Tags: AgentTesla rar


cocaman
Malicious email
From: Myra C. Parazo <info@blazingstar-phil.com>
Received: from blazingstar-phil.com (unknown [95.211.208.23])
Date: 23 Jul 2020 20:34:27 -0700
Subject: Re: Order for Purchase.
Attachment: Order for Purchase.rar

Intelligence


File Origin
# of uploads: 1
# of downloads: 67
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Infostealer.Fareit
Status: Malicious
First seen: 2020-07-24 05:34:07 UTC
File Type: Binary (Archive)
Extracted files: 3
AV detection: 25 of 48 (52.08%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 59b14b44e86ca658268189ee4b2e9b9bac7bf37a130673b13f15ca00ce0fec6f (this sample)

Delivery method: Distributed via e-mail attachment
