MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b8051eb74a4a4ad8777b904dc8785e7350615a766aa26eadce9749a84d846fdf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b8051eb74a4a4ad8777b904dc8785e7350615a766aa26eadce9749a84d846fdf
SHA3-384 hash: e2830fd2411a6e8a7ab6d52073242ae973e3122f90fad458a52992c57689840fa6770250536d5a38515493a0b20e31d1
SHA1 hash: a9e685fc4231fdb0fe342490da32693fa5f20265
MD5 hash: db21c0f8d2d2298aabcf86b84e31279d
humanhash: massachusetts-four-black-september
File name:PO-20200709.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:557'481 bytes
First seen:2020-07-09 07:41:39 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:jm35bA4EujxlvarQD3Z6lfWc15FR7PvJJEO4uRYUDh03W:jm35bA/ojl3klfWe5FNJJEOFJ103W
TLSH 51C423CE6A83B08DE612AC05523BFD2A72B74B8D6743077DA2C0C3168691D2B7F4D795
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: serve0.teevraexports.pw
Sending IP: 104.168.214.4
From: Reliance Industries Limited <info@ril.com>
Subject: Purchasing Order P16D000205
Attachment: PO-20200709.zip (contains "PO-20200709.exe")

AgentTesla SMTP exfil server:
mail.dstec.mx:26

AgentTesla SMTP exfil email address:
dream@dstec.mx

Intelligence

File Origin
# of uploads :
1
# of downloads :
67
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b8051eb74a4a4ad8777b904dc8785e7350615a766aa26eadce9749a84d846fdf/
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-07-09 07:43:04 UTC
AV detection:
26 of 48 (54.17%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=xacr5n2kjjfnq533sbg4q6c6onigcwtwnkrg5loos5e2qtmen7pq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip b8051eb74a4a4ad8777b904dc8785e7350615a766aa26eadce9749a84d846fdf

(this sample)

AgentTesla

Executable exe da2d328729fc82001649fea94517079e39a3579d3154778bda61072c5c3b2590

  
Dropping
MD5 c2a716ded7676fcc85c9f7299128e85a
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 da2d328729fc82001649fea94517079e39a3579d3154778bda61072c5c3b2590

Comments