MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bc55b8771b72b364da78bb49b9d8d0ae462ce12b93a1fdac03eede5a9007340c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: bc55b8771b72b364da78bb49b9d8d0ae462ce12b93a1fdac03eede5a9007340c
SHA3-384 hash: 2e2e677a4ed4341ff92a05df2eb5e3b026bcf0d71c11afd2685cfd09c41d9295fe6be0f1adbd4817188d21fb0295c56d
SHA1 hash: c5204bb449eae55adcd2399f97614bc178ff81be
MD5 hash: 7d9ce4c7303f48ddd6e779beb3f1aa5a
humanhash: neptune-freddie-seventeen-single
File name:TT wire payment.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:444'880 bytes
First seen:2020-07-10 07:28:31 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:YIVxLJrwYhGT6GQVNtui6H8ocGSyi4ltam:YIVxFwpsVNl6cAuIam
TLSH 9D9423491464DFDC33B168B07C333ACAAFE6945B5892D05F19BA84F3E61F2C9A812D74
Reporter abuse_ch
Tags:AgentTesla Endurance rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: 142-4-22-49.unifiedlayer.com
Sending IP: 142.4.22.49
From: MAJBOOT PVT. LTD <marketing@majbootmhe.com>
Subject: Payment Sent T/T Receipt Attached - Overdue Invoices Payment
Attachment: TT wire payment.rar (contains "TT wire payment.exe")

AgentTesla SMTP exfil server:
smtp.mail.ru:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
67
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/bc55b8771b72b364da78bb49b9d8d0ae462ce12b93a1fdac03eede5a9007340c/
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-07-10 07:30:06 UTC
AV detection:
18 of 29 (62.07%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=xrk3q5y3okzwjwtyxne3twgqvzdczyjlsoq73lad53pfveahgqga._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar bc55b8771b72b364da78bb49b9d8d0ae462ce12b93a1fdac03eede5a9007340c

(this sample)

AgentTesla

Executable exe 1024428deedbdf419232a576e09fe43e44785c05a640c14c49ace315c6dca05a

  
Dropping
MD5 2e80f730aecb381344aa74398871fadd
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 1024428deedbdf419232a576e09fe43e44785c05a640c14c49ace315c6dca05a

Comments