MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cfdf72c413b07e1a7734edba789449e83b0631fcf768c542368585f0582f4c30. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3

SHA256 hash: cfdf72c413b07e1a7734edba789449e83b0631fcf768c542368585f0582f4c30
SHA3-384 hash: d1242e64daae32f507ab59645d5012bce751f8be78863567f0b684429afbf8c1509c3502452f240c560d5caa4485da45
SHA1 hash: 594c975513fa227199dc914b196b7ecb19021cd8
MD5 hash: 25e2e5b6898972e257460015e84d9d7e
humanhash: idaho-happy-uranus-sodium
File name: inquiry.GZ
Signature: AgentTesla
File size: 660'740 bytes
First seen: 2020-06-05 10:41:21 UTC
Last seen: Never
File type: gz
MIME type: application/x-rar
ssdeep: 12288:u84oL8w78FXb+JWs6jWM3zv4k9MPjba9Ici+ZVQL1PtR4Uk09pQeo4oDer0Y:r4owc0ZjLLH9MPiDiYgRkkpqdDSv
TLSH: 2FE4333FE9CEB4194E39CC616A81B5A0A4CCC03875DB5F2AEABA69504BD3004D27FD1D
Reporter: abuse_ch
Tags: AgentTesla gz


abuse_ch
Malspam distributing AgentTesla:

HELO: slot0.tkbsoaeng.com
Sending IP: 45.95.169.71
From: info@tkbsoaeng.com
Subject: Re: Fwd: Materials request
Attachment: inquiry.GZ (contains "inquiry.exe")

AgentTesla SMTP exfil server:
smtp.yandex.ru:587
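The following is an added example, not code from MalwareBazaar or from abuse_ch's comment. It ties the malspam indicators in the comment above (HELO, sending IP, From address) to the file metadata listed for the sample (the four digests, and the fact that the file is named inquiry.GZ while MalwareBazaar reports its MIME type as application/x-rar): a small stdlib-only triage routine that parses an inbound message, checks the relay and sender against those indicators, hashes each attachment and compares its magic bytes with the extension it claims. The message it runs on is constructed here, and its attachment is a placeholder that carries only the RAR4 magic bytes; it is not the real sample. ssdeep and TLSH are not computed because they need third-party libraries.

```python
"""Triage an inbound message against the malspam indicators and file
metadata listed on this MalwareBazaar page (added example, stdlib only).
The attachment built below is a CONSTRUCTED placeholder carrying only the
RAR4 magic bytes; it is not the real sample and is not AgentTesla."""
import email
import email.utils
import hashlib
import re
from email import policy
from email.message import EmailMessage

# Indicators taken from the abuse_ch comment on this page.
MALSPAM_IOCS = {
    "helo": "slot0.tkbsoaeng.com",
    "sending_ip": "45.95.169.71",
    "from": "info@tkbsoaeng.com",
}

# Container signatures, compared against the extension the filename claims.
# "File type: gz" vs "MIME type: application/x-rar" on the page is this mismatch.
MAGIC = (
    (b"\x1f\x8b", "gzip"),
    (b"Rar!\x1a\x07", "rar"),
    (b"PK\x03\x04", "zip"),
    (b"MZ", "pe"),
)
EXPECTED_BY_EXT = {"gz": "gzip", "rar": "rar", "zip": "zip", "exe": "pe"}

# HELO name after "from" and the first bracketed IPv4 literal in a Received header.
RECEIVED_RE = re.compile(r"from\s+(\S+).*?\[(\d{1,3}(?:\.\d{1,3}){3})\]", re.S)


def identify_container(data: bytes):
    """Return the container type by magic bytes, or None if unrecognised."""
    for sig, kind in MAGIC:
        if data.startswith(sig):
            return kind
    return None


def file_hashes(data: bytes) -> dict:
    """The four digests MalwareBazaar lists for a sample."""
    return {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256", "sha3_384")}


def analyse_message(raw: bytes) -> dict:
    """Parse a raw RFC 5322 message, match it against MALSPAM_IOCS, inspect attachments."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    sender = email.utils.parseaddr(msg.get("From", ""))[1].lower()
    helo = ip = None
    for rcv in msg.get_all("Received", []):
        m = RECEIVED_RE.search(rcv)
        if m:
            # The topmost Received header is the hop into our own MX, the only one we trust.
            helo, ip = m.group(1).lower(), m.group(2)
            break
    hits = set()
    if helo == MALSPAM_IOCS["helo"]:
        hits.add("helo")
    if ip == MALSPAM_IOCS["sending_ip"]:
        hits.add("sending_ip")
    if sender == MALSPAM_IOCS["from"]:
        hits.add("from")

    attachments = []
    for part in msg.iter_attachments():
        data = part.get_content()
        if isinstance(data, str):
            data = data.encode("utf-8", "replace")
        name = part.get_filename() or ""
        ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
        magic = identify_container(data)
        # Only flag a mismatch when both the extension and the magic are known.
        mismatch = ext in EXPECTED_BY_EXT and magic is not None and EXPECTED_BY_EXT[ext] != magic
        attachments.append({"filename": name, "declared_ext": ext, "magic": magic,
                            "ext_mismatch": mismatch, **file_hashes(data)})
    return {"subject": str(msg.get("Subject", "")), "from": sender, "helo": helo,
            "sending_ip": ip, "ioc_hits": hits, "attachments": attachments}


def build_sample_message() -> bytes:
    """CONSTRUCTED message mirroring the headers in the abuse_ch comment; not a real capture."""
    msg = EmailMessage()
    msg["Received"] = ("from slot0.tkbsoaeng.com (slot0.tkbsoaeng.com [45.95.169.71]) "
                       "by mx.example.invalid with ESMTP; Fri, 5 Jun 2020 10:41:21 +0000")
    msg["From"] = "info@tkbsoaeng.com"
    msg["To"] = "purchasing@example.invalid"
    msg["Subject"] = "Re: Fwd: Materials request"
    msg.set_content("Please see the attached inquiry.")
    # Placeholder body: RAR4 magic plus padding, deliberately NOT the real sample.
    fake_rar = b"Rar!\x1a\x07\x00" + b"\x00" * 64
    msg.add_attachment(fake_rar, maintype="application", subtype="gzip", filename="inquiry.GZ")
    return msg.as_bytes()


if __name__ == "__main__":
    report = analyse_message(build_sample_message())
    print("IOC hits:", sorted(report["ioc_hits"]))
    for a in report["attachments"]:
        print(a["filename"], "magic=" + str(a["magic"]), "mismatch=" + str(a["ext_mismatch"]), a["sha256"])
```

The extension check is the point worth keeping: a mail gateway that decides what to do with `inquiry.GZ` by its name will treat it as gzip, but the bytes say RAR, which is why the page reports `application/x-rar` for a `.GZ` file. Matching on the sender address alone is the weakest of the three header checks since From is trivially forged; the HELO and peer IP recorded by your own MX are harder to fake.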

Intelligence


File Origin
# of uploads: 1
# of downloads: 62
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Infostealer.Fareit
Status: Malicious
First seen: 2020-06-05 11:35:37 UTC
AV detection: 31 of 48 (64.58%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam > AgentTesla > gz cfdf72c413b07e1a7734edba789449e83b0631fcf768c542368585f0582f4c30 (this sample)
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment