MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 94f0cfa169285dc83620fb3539c3192c7bc3789c74cd2a31d0777a4f261fce33. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 94f0cfa169285dc83620fb3539c3192c7bc3789c74cd2a31d0777a4f261fce33
SHA3-384 hash: d1e24ab9d78ee6eb559da4c34cd5458356ab763421bd5c17a122ea77964b910a85e0611a65c7ca409c403130d063e592
SHA1 hash: f483ca6a4d9974bc68e327e8b9eb17140cbd6f4f
MD5 hash: 7d2d301266f6d4b4e5ff22d33f32920b
humanhash: thirteen-blossom-zebra-green
File name:New-Order Inquiry.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:344'090 bytes
First seen:2020-06-08 09:13:36 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:lrlskgOqcXkrU7sQUgFF7ZXzJvB0HDo7Tyms9Ma37C+bwTvjw2Sj7CgZlfm4:lrq1cXk+jbRVk4WPm+YMB7CgZlu4
TLSH 3B7423F1303E9DD9B7875D79E60AA7EBE6CC465854FD01466603C2383B970E81EBE029
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: srv1.demspor.com
Sending IP: 31.169.94.221
From: Liza Molino <liza@crystalarc.net>
Subject: hot/cold rolled stainless steel coil / sheet// Inquiry from CrystalArc Factory L.L.C
Attachment: New-Order Inquiry.rar (contains "New-Order Inquiry.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
63
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-08 09:15:05 UTC
AV detection:
30 of 47 (63.83%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=stym7iljfbo4qnra7m2ttqyzfr54g6e4otgsumoqo55e6jq7zyzq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 94f0cfa169285dc83620fb3539c3192c7bc3789c74cd2a31d0777a4f261fce33

(this sample)

AgentTesla

Executable exe 88ec084c0f53adb87c7b5fb01c8e5756ebfd3c98526d16e45d5d1b989263e29c

  
Dropping
MD5 06fb9005234038d2dea387f51f9d2c5b
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 88ec084c0f53adb87c7b5fb01c8e5756ebfd3c98526d16e45d5d1b989263e29c

Comments