MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 879c6ff9eac62ffed38fe61e81499f275a5e5f5b0cc0415fe34abcced78af28f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 3


SHA256 hash: 879c6ff9eac62ffed38fe61e81499f275a5e5f5b0cc0415fe34abcced78af28f
SHA3-384 hash: 6479d2e02a98864c4092fe11f78d0f8a4f51df95c82f302c2dc0fef2ca5cc7d3810dce66e694f0d77cb0d7536f91b463
SHA1 hash: 30ab8630880973885f0ed5129f6cfb86b19835a9
MD5 hash: e33d5b735bb2febe199040bf2d3e9be6
humanhash: kentucky-steak-spring-xray
File name: revise invoice.zip
Signature: AgentTesla
File size: 614'313 bytes
First seen: 2020-06-11 11:17:00 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:JhuLftUN0cfz7kBLnSzbywjJUfIFCF5EWXM5sAlIRQxt5ELZHPGnNUuWrKaWQ:JhGtUP74ayfRrkCRKw/WQ
TLSH: 94D423888B12AC845CC15FF9F5B99141E12E75979086C6A2CD0B7ACF05A73E68CFE21D
Reporter: abuse_ch
Tags: AgentTesla zip


abuse_ch
Malspam distributing AgentTesla:

HELO: server02.hostngon.vn
Sending IP: 203.162.238.30
From: ACCOUNT <seokhyung.won@btlglobal.co.kr>
Subject: revise account details
Attachment: revise invoice.zip (contains "NONE.exe")

AgentTesla SMTP exfil server:
mail.shamdew.com:587

Intelligence

File Origin
# of uploads: 1
# of downloads: 59
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-06-11 11:18:10 UTC
AV detection: 22 of 48 (45.83%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
AgentTesla
zip 879c6ff9eac62ffed38fe61e81499f275a5e5f5b0cc0415fe34abcced78af28f (this sample)
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment

Comments