MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 798cf7b6a9805d21e70ad604e20c7f20271f874b1198af07eb23afa9ebd07895. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3



SHA256 hash: 798cf7b6a9805d21e70ad604e20c7f20271f874b1198af07eb23afa9ebd07895
SHA3-384 hash: 178a17d01225da5f6816d5900230eeda78b8ba6d851ad83f566c06af60ff5bb4b987769da9f9aa43a91943fb639215bd
SHA1 hash: 77a6d99baec61bd9bce6b2baaf5a19bc73699005
MD5 hash: 1059a439a80ef023bbe88c45b8718d1b
humanhash: triple-missouri-stream-blue
File name: QA112491-4363136.rar
Signature: AgentTesla
File size: 407'028 bytes
First seen: 2020-07-01 16:12:33 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 6144:NMgeB8jRyfv+L9orfQNTp4vCxUMiuzApmFHczwX1GQNnuTz7TMtXwRcpZCPeMT:Ns/2LCrUx6oHcbMuTQtARcCeMT
TLSH: A78423CD54E3AFE33753CE85047770E9A697DF60BD184685D8E24417E2A36A86B2098C
Reporter: abuse_ch
Tags: AgentTesla rar


abuse_ch
Malspam distributing AgentTesla:

HELO: mail.strongmailvault.com
Sending IP: 111.90.144.215
From: Export Department <office@jinpao.us>
Subject: INQUIRY
Attachment: QA112491-4363136.rar (contains "QA112491-4363136.exe")

AgentTesla SMTP exfil server:
smtp.ay0ub-sd.com:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 77
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-07-01 16:14:08 UTC
AV detection: 10 of 48 (20.83%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  AgentTesla
    rar 798cf7b6a9805d21e70ad604e20c7f20271f874b1198af07eb23afa9ebd07895 (this sample)
      Dropping: AgentTesla

Delivery method: Distributed via e-mail attachment
