MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b4a0eeaaf454ea6a0026551ff44dee8b57b87956fc3561620450cdcc58391e0a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b4a0eeaaf454ea6a0026551ff44dee8b57b87956fc3561620450cdcc58391e0a
SHA3-384 hash: ed3133c86824f229e85b5af98e532762411de62507fa202c0576486bbf2d1394bf746be39e9a0f00c5b6278c2ee531f1
SHA1 hash: 9f69a9595d6223ea3df53f4005b06f4fc8f3cb87
MD5 hash: d9fea1f33a7287d55651b773bda4d254
humanhash: kentucky-pizza-artist-cardinal
File name:Evergreen order.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:304'445 bytes
First seen:2020-06-24 07:07:36 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:iNi+0TbFmZhAcPlkJKLABBRagA0aKKYCmer71y9ZlD22Dzf4yZgmL4S6kg0V:VbOiOkKEcPaKYdef16ZE2B6XS6wV
TLSH 3D542300E585FCE02F64AF85B641FF64B9215297EA6C8D326D610ECFC0491D363ADEE9
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mcegress-7-lw-137.correio.biz
Sending IP: 191.252.7.137
From: smtpfox-xiydb@rochamodapraia.com.br
Subject: Re: Evergreen Order 23/06/2020
Attachment: Evergreen order.zip (contains "Evergreen order.exe")

AgentTesla SMTP exfil server:
smtp.jixst.net:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
70
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Variant.Razy.700234.11880.19095.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b4a0eeaaf454ea6a0026551ff44dee8b57b87956fc3561620450cdcc58391e0a/
Threat name:
ByteCode-MSIL.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-24 07:09:03 UTC
AV detection:
29 of 48 (60.42%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=wsqo5kxuktvguabgkup7itpornl3q6kw7q2wcyqekdg4ywbzdyfa._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip b4a0eeaaf454ea6a0026551ff44dee8b57b87956fc3561620450cdcc58391e0a

(this sample)

AgentTesla

Executable exe b7a7b91c9a1ca0a674684f764013045221835ac624462f51339372c9c994e5b8

  
Dropping
MD5 32600400c9277283df41065a95759b44
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 b7a7b91c9a1ca0a674684f764013045221835ac624462f51339372c9c994e5b8

Comments