MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 65f90bf545974c5373860c420537b7d999c43dc15c778e1e9d306db2e677db23. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Vendor detections: 3

SHA256 hash: 65f90bf545974c5373860c420537b7d999c43dc15c778e1e9d306db2e677db23
SHA3-384 hash: c92a37000553b1708f5bc698685d6d861e803eb5eb333f2daa473308aae8ff0715cec2f57ff2ffb70aa839274cd90a4b
SHA1 hash: a336be716271804d0b98199462c8cc6622a85580
MD5 hash: 2d8ad9264c88eba5e61d26a5ec13d762
humanhash: pip-uniform-bravo-bulldog
File name: REMITTANCE COPY.rar
Signature: AgentTesla
File size: 413'143 bytes
First seen: 2020-08-05 15:54:01 UTC
Last seen: 2020-08-06 08:16:32 UTC
File type: rar
MIME type: application/x-rar
ssdeep: 12288:kBJIpYr3f74IEjSeLVbtGrlYFp/e/uLRN8/VN:kcpYH4IEjSehCQe/ule
TLSH: 7D9423872E3BD49CAF757353086A56411B7320843B14B3A3C426CB8EAAED767536537C
Reporter: abuse_ch
Tags: AgentTesla rar


abuse_ch
Malspam distributing AgentTesla:

HELO: qtechglobal.com
Sending IP: 103.99.1.173
From: "李丽君"<lijun.li@qtechglobal.com>
Subject: Payment advice note dt. 05.08.2020
Attachment: REMITTANCE COPY.rar (contains "REMITTANCE COPY.exe")

AgentTesla SMTP exfil server:
mail.varda.com.tr:587

Intelligence


File Origin
# of uploads: 2
# of downloads: 73
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.FormBook
Status: Malicious
First seen: 2020-08-05 15:55:06 UTC
AV detection: 14 of 29 (48.28%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample, such as its delivery method and external references.

Malspam: AgentTesla
  rar 65f90bf545974c5373860c420537b7d999c43dc15c778e1e9d306db2e677db23 (this sample)
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
