MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 605df2a3a1298e61fd09dee8706a103b8e93deeed3d536fbbe1444f1263a3564. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 605df2a3a1298e61fd09dee8706a103b8e93deeed3d536fbbe1444f1263a3564
SHA3-384 hash: cb3e4dabf350415f331c477bc707fe80f717a36073fb521f7e8f2368c249394f40ebe8e1beb19dbdedf1a734d7d10419
SHA1 hash: ad190f6d9ee57bbfe78c219ee7c6d790d195c815
MD5 hash: 1f068532b13690899f857840f2b110de
humanhash: asparagus-whiskey-undress-gee
File name:Purchase Order.gz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:241'204 bytes
First seen:2020-06-30 13:19:48 UTC
Last seen:Never
File type: gz
MIME type:application/gzip
ssdeep 3072:CrcoiW3O6z5wBGFZ4W4hOHzd01dxodLCshEp7GeY9zV7Tte5RK9GsGBLMNtXgajb:iJek1eW4sHJ01Mg9MVzh4kEsGS9ljOo
TLSH 613423C2A1233D89702CD6542D730CBE75A12BE9106740B7359ACC62D7B7614A7E0FEE
Reporter abuse_ch
Tags:AgentTesla gz


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mail0.406.soyungwanginc.casa
Sending IP: 157.230.111.37
From: Mr. X <info@406.soyungwanginc.casa>
Subject: New Order After A Long Time
Attachment: Purchase Order.gz (contains "Purchase Order.exe")

AgentTesla SMTP exfil server:
mail.anissh.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
67
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27247.GZipHeur.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/605df2a3a1298e61fd09dee8706a103b8e93deeed3d536fbbe1444f1263a3564/
Threat name:
ByteCode-MSIL.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-30 13:21:06 UTC
AV detection:
31 of 48 (64.58%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=mbo7fi5bfghgd7ij33uha2qqhohjhxxo2pktn656crcpcjr2gvsa._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz 605df2a3a1298e61fd09dee8706a103b8e93deeed3d536fbbe1444f1263a3564

(this sample)

AgentTesla

Executable exe aec14877d4e03e342e0f010e0d6c25aea5492f94ddbd7d48ab41607f609bb87b

  
Dropping
MD5 a16e39975fd3c0f0c707f661102813e1
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 aec14877d4e03e342e0f010e0d6c25aea5492f94ddbd7d48ab41607f609bb87b

Comments