MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e7990582bd76c3c74b9d8749e7fa2fc053eedbe690be2e5c9b4bd0c288b24c7c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e7990582bd76c3c74b9d8749e7fa2fc053eedbe690be2e5c9b4bd0c288b24c7c
SHA3-384 hash: 29e3d125577d94d795500590d0cd232be010ee9b97f677b37d69df0ac50f6c9585652d2fc168c21c6ea19d3dfd031ee8
SHA1 hash: 5ec9009305c4495731722c70254e66c6c590711e
MD5 hash: 6b8600348198049c07e0b36f98930699
humanhash: early-vegan-tennis-six
File name:Order_payment.img
Download: download sample
Signature AgentTesla
Create hunting rule
File size:722'944 bytes
First seen:2020-08-04 10:54:19 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 6144:qHAgbCa8sGQTn0lFGOHHb2Kldnd1ZOL5FQqqz855:qHX8kTuGs9yQqq
TLSH 31F41A393687A414D53D4A3688B556D032B276573B12CB0F79DA2B9CAF533CB3B0724A
Reporter abuse_ch
Tags:AgentTesla img


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: host75.registrar-servers.com
Sending IP: 198.187.29.36
From: Frank <info@browsesecure.ga>
Reply-To: petersjohnny13@gmail.com
Subject: Payment reciept for 31 July
Attachment: Order_payment.img (contains "Order payment.exe")

AgentTesla SMTP exfil server:
smtp.gmail.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
57
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e7990582bd76c3c74b9d8749e7fa2fc053eedbe690be2e5c9b4bd0c288b24c7c/
Threat name:
ByteCode-MSIL.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-08-03 18:07:35 UTC
AV detection:
18 of 48 (37.50%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=46mqlav5o3b4os45q5e6p6rpybj65w7gsc7c4xe3jpimfcfsjr6a._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/e7990582bd76c3c74b9d8749e7fa2fc053eedbe690be2e5c9b4bd0c288b24c7c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

img e7990582bd76c3c74b9d8749e7fa2fc053eedbe690be2e5c9b4bd0c288b24c7c

(this sample)

AgentTesla

Executable exe b3f6907db08526d44a0eafa737b19522ebdfa452ba2328ead21c5b469dff7998

  
Dropping
MD5 5fd61437fc8a312b08e954db35d16e1f
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 b3f6907db08526d44a0eafa737b19522ebdfa452ba2328ead21c5b469dff7998

Comments