MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f1eb2eeb0503f0d22c7a8e72c8c6eb81a488593c1ff8aaba497d0e17f30bba18. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	f1eb2eeb0503f0d22c7a8e72c8c6eb81a488593c1ff8aaba497d0e17f30bba18
SHA3-384 hash:	2bca56aa3d08be503ee8a927fcd0788468e41f9677397cdbf1532400bb90ccb8a701f452c703066d18fa6445e02aff62
SHA1 hash:	7c668db5d3f2ea2b857567dedbbd9da316749af0
MD5 hash:	e20ce9159cd27a6cc93d3889c484b51e
humanhash:	xray-solar-sad-lemon
File name:	OCPI Purchase Order No. 000138 RV1.gz
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	397'662 bytes
First seen:	2020-07-01 16:11:05 UTC
Last seen:	Never
File type:	gz
MIME type:	application/x-rar
ssdeep	6144:xmspdnuNwG3Z6PoBJL3lEJ+tXOywN0Ml3ZeaSboAsGJVxL52Jwrj75ItqMUJ:Pp8lJ7BLE+XFMLpYasVxLsJydIQ/J
TLSH	2F842332572C36E9DCE4D12AA1D33A6B1E843C96BBA594263936E3CFD1F00564E7B412
Reporter	abuse_ch
Tags:	AgentTesla gz

abuse_ch

Malspam distributing AgentTesla:

HELO: gen.genesiscreatives.com
Sending IP: 192.254.165.42
From: Aishah <info@ocpi.com.my>
Subject: Revised OCPI Purchase Order No. 000138 (RV1) - 01/7/2020
Attachment: OCPI Purchase Order No. 000138 RV1.gz (contains "OCPI Purchase Order No. 000138 (RV1).exe")

AgentTesla SMTP exfil server:
smtp.imp-powers.com:587