MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f632de07f058f0cbdc42a6e291fc62bf552f8793f36a0130c450429d26418b18. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f632de07f058f0cbdc42a6e291fc62bf552f8793f36a0130c450429d26418b18
SHA3-384 hash: 71a1aa347ec5cec4b8bcc3670c09e9c9be9f25f851621117a0bb5eb4b1b032c1b812ad23ffc9d664127ee3227827e0b9
SHA1 hash: 0b930568c9bc85a31575f1c5f79cbeb202f6b939
MD5 hash: fc7a15decbd5b23cbdeba6f5e855390f
humanhash: missouri-jig-single-salami
File name:PO 4100093270 59374_CQ20-12880.gz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:532'168 bytes
First seen:2020-08-18 06:20:44 UTC
Last seen:Never
File type: gz
MIME type:application/gzip
ssdeep 12288:h46BIGj2EDnoEyWeyGd08PhmRUilskdEqpm:h4EIYrDryWpkfGsiE
TLSH 75B4232703CE23A97A672EA16D1B3D4C6E24DCE1611F0D464A911B65BBBB780FA341DC
Reporter abuse_ch
Tags:AgentTesla gz


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: xv20.522.pinotvineryms.cf
Sending IP: 128.199.4.97
From: Nguyen Tan Toai <Nguyen-Tan.Toai@522.pinotvineryms.cf>
Subject: MULTI-IMPACT/INQUIRY ORDER
Attachment: PO 4100093270 59374_CQ20-12880.gz (contains "PO 4100093270 59374_CQ20-12880.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
59
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f632de07f058f0cbdc42a6e291fc62bf552f8793f36a0130c450429d26418b18/
Threat name:
ByteCode-MSIL.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-08-17 23:21:28 UTC
AV detection:
28 of 48 (58.33%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=6yzn4b7qldymxxccu3rjd7dcx5ks7b4t6nvacmgekbbj2jsbrmma._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz f632de07f058f0cbdc42a6e291fc62bf552f8793f36a0130c450429d26418b18

(this sample)

AgentTesla

Executable exe d0d72f8088ae83affe52e64d31ef8787b12bf31fc38a1b72b278b891be6e2d6c

  
Dropping
MD5 b8325454a5091391075d705aa4495063
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 d0d72f8088ae83affe52e64d31ef8787b12bf31fc38a1b72b278b891be6e2d6c

Comments