MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 92aeef28c2d4ccfe7b35348dba12448bdeb6414dbdd022ee9d909801418f422b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 92aeef28c2d4ccfe7b35348dba12448bdeb6414dbdd022ee9d909801418f422b
SHA3-384 hash: 78f08109bb85e18af6a798fe5311f0a8c0faac7e5e3a0eb46a3e3555a0d059c3b08e305984ce581662d9459f9d52f98b
SHA1 hash: b2f140142032635c2874c5056467152a65efceab
MD5 hash: d815eff638a2a4a3aa7d80e302d6f62e
humanhash: three-mockingbird-sierra-diet
File name:Revised Proforma Invoice 47094_pdf.gz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:366'629 bytes
First seen:2020-06-29 07:29:02 UTC
Last seen:Never
File type: gz
MIME type:application/gzip
ssdeep 6144:mftydH1n79TOvUequ/4y+WN03tKYNQ3NQM06BltcB83J/0jmo6IJCw2aC86Zb3tE:JH1nhSyuwYGtxN3EeB83J/0pjCw2Y612
TLSH 57742320E7B651C784C47D490ECEF5E8AB2CA198386EACD965619411FAC90F20FD3BD3
Reporter abuse_ch
Tags:AgentTesla gz


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: email.it
Sending IP: 103.150.8.56
From: Bob Wong <fabio.crippa@email.it>
Subject: Re: Proforma Invoice
Attachment: Revised Proforma Invoice 47094_pdf.gz (contains "Revised Proforma Invoice 47094_pdf.exe")

AgentTesla SMTP exfil server:
smtp.anding-tw.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
58
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Fareit-FVR97B1CDB35EA0.28661.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.27383.GZipHeur.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/92aeef28c2d4ccfe7b35348dba12448bdeb6414dbdd022ee9d909801418f422b/
Threat name:
ByteCode-MSIL.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-29 07:31:04 UTC
AV detection:
29 of 48 (60.42%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=skxo6kgc2tgp46zvgsg3ueserpplmqknxxicf3u5scmacqmpiivq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz 92aeef28c2d4ccfe7b35348dba12448bdeb6414dbdd022ee9d909801418f422b

(this sample)

AgentTesla

Executable exe 20fa03ed146d67328f48a4609fd5a1f2f584576dcb93450661d4b6e1f9c269da

  
Dropping
MD5 10f9e9603ff9bda36664f12fb8735133
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 20fa03ed146d67328f48a4609fd5a1f2f584576dcb93450661d4b6e1f9c269da

Comments