MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a2327a7b96b2d900ad8081fc145a8c9ed81d55bff0e71a9b9db0c11969ee5fde. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 3

SHA256 hash: a2327a7b96b2d900ad8081fc145a8c9ed81d55bff0e71a9b9db0c11969ee5fde
SHA3-384 hash: ced0a12471c083f7383fe75617f1de53ab40821582c7af16ed52805452aa362186d00eaf9c844e2aa331d70659dbbb3d
SHA1 hash: 049403c4b7485065077f3a2da1ccfd08c4dc5073
MD5 hash: 783117c5109242862f5b83a81014e4f6
humanhash: juliet-aspen-river-whiskey
File name: attachments.zip
Signature: AgentTesla
File size: 383'360 bytes
First seen: 2020-06-23 14:55:47 UTC
Last seen: 2020-06-23 14:55:53 UTC
File type: zip
MIME type: application/zip
ssdeep: 6144:OYlz2ufEUwF9EQRk063d26nnRI8n2nSrgKBcFML5tGEOQ2IXjLl6qcszubZx7fss:OYlz2u8UM93p67n6BKn8M1tGEX2k3Rzm
TLSH: 15842393AEEB42495021E1D1580827F2B592D9C39CF6D58C248EABE144B4CF517ECBFB
Reporter: abuse_ch
Tags: AgentTesla zip


abuse_ch
Malspam distributing AgentTesla:

HELO: tsk-group.co.jp
Sending IP: 193.142.58.61
From: Chris Logan <account02@tsk-group.co.jp>
Reply-To: Chris Logan <account02@tsk-group.co.jp>, Chief Accountant<1990.amaco@mail.bk>
Subject: Fw: RE: Account Details Confirmation
Attachment: attachments.zip (contains "Account Details.docx.exe")

AgentTesla SMTP exfil server:
twire.icu:587

AgentTesla SMTP exfil email address:
amara@twire.icu

Intelligence

File Origin
# of uploads: 2
# of downloads: 76
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Infostealer.Fareit
Status: Malicious
First seen: 2020-06-23 14:57:04 UTC
AV detection: 33 of 48 (68.75%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
AgentTesla
zip a2327a7b96b2d900ad8081fc145a8c9ed81d55bff0e71a9b9db0c11969ee5fde (this sample)
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
