MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e86c327bee735dd539fa3b2062867b862276c26c3040dde7172b09a6b8d0dd4e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e86c327bee735dd539fa3b2062867b862276c26c3040dde7172b09a6b8d0dd4e
SHA3-384 hash: f2858236d847d7ab23568fde30fe6acb7ecd493cfca2c65df7eb1174efacf1ba55961a3347ba3a0ead8f21e341cdb578
SHA1 hash: 718e2f2c76ce445fbdc702d2e70456e9eca51bf9
MD5 hash: c01e076260142b7ca3c8cd26dcaf88db
humanhash: table-september-pizza-item
File name:PURCHASE SPECIFICATIONS.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:870'450 bytes
First seen:2020-07-06 11:39:01 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:9H5+e13H6AC+ZMbLXpk14T5iRSvegKK3Qm6gieSoov6UECEH5+e13H6AC+ZMbLX3:3paFI4TqSveVTgH5paFI4TqSveVTgHL
TLSH 8A0523EA3EEE9621B77AE861499061B9913F93B4615365D00FA0F3B130C1677AFF4348
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: m9749.mail.qiye.163.com
Sending IP: 220.181.97.49
From: Amy Zhang <sales@oppel-lighting.com>
Subject: Re: Quotation
Attachment: PURCHASE SPECIFICATIONS.rar (contains "PURCHASE SPECIFICATIONS FOR PROPOSE ORDER - 20200706.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
71
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e86c327bee735dd539fa3b2062867b862276c26c3040dde7172b09a6b8d0dd4e/
Threat name:
ByteCode-MSIL.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-07-06 11:40:08 UTC
AV detection:
31 of 48 (64.58%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=5bwde67oono5kop2hmqgfbt3qyrhnqtmgban3zyxfme2nogq3vha._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar e86c327bee735dd539fa3b2062867b862276c26c3040dde7172b09a6b8d0dd4e

(this sample)

AgentTesla

Executable exe b0a6759e8851528dc4aa2a31c9439c1877b96419ca1f7a869cad009ae9f948c2

  
Dropping
MD5 905e5404378c8d20014b49f613a2c8b0
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 b0a6759e8851528dc4aa2a31c9439c1877b96419ca1f7a869cad009ae9f948c2

Comments