MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b56c58f88ccc37f677ccfc7c26a0e33a1d87f49a84e2c8fd9c017c74a76f8565. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b56c58f88ccc37f677ccfc7c26a0e33a1d87f49a84e2c8fd9c017c74a76f8565
SHA3-384 hash: 0994c43d5225e38ef4c43c6c8d6313e84c6face57f6be5381566d2c1f79b75df826be3018ac143bacdf03e39366ade0c
SHA1 hash: 96160c0cbcafa298428e9edab28d1fbc9c39c0e5
MD5 hash: e08bde2babdabef30ac3580570e08fd6
humanhash: wisconsin-indigo-oregon-rugby
File name:PO674879214755.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:408'461 bytes
First seen:2020-06-24 06:35:51 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:FZ9y+S6ChxhP7jzRAfModcytDTz5jSC+O:Fjy+SHh6fdLtDTz55x
TLSH D19423604905F90F5F4F386EDFA965228DE8374AEA20F9FE74EA98E04F14CC451316AD
Reporter abuse_ch
Tags:AgentTesla HostGator rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: gproxy3-pub.mail.unifiedlayer.com
Sending IP: 69.89.30.42
From: saji@alajwaa.ae
Subject: RFQ PO#6748792147
Attachment: PO674879214755.rar (contains "PO#674879214755.bat")

AgentTesla SMTP exfil server:
mail.izakuiki.com:587

AgentTesla SMTP exfil email address:
sales.vi@izakuiki.com

Intelligence

File Origin
# of uploads :
1
# of downloads :
74
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b56c58f88ccc37f677ccfc7c26a0e33a1d87f49a84e2c8fd9c017c74a76f8565/
Threat name:
ByteCode-MSIL.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-24 06:37:03 UTC
AV detection:
28 of 48 (58.33%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=wvwfr6emzq37m56m7r6cnihdhioyp5e2qtrmr7m4af6hjj3pqvsq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar b56c58f88ccc37f677ccfc7c26a0e33a1d87f49a84e2c8fd9c017c74a76f8565

(this sample)

AgentTesla

Executable exe d1a890009a7844ab2954fa466a2b9381ebb71aea1b98709d8e8c975c008bd7e7

  
Dropping
MD5 fb42065d787c59ed6fe06a01d9471fbe
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 d1a890009a7844ab2954fa466a2b9381ebb71aea1b98709d8e8c975c008bd7e7

Comments