MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f85c46942f12ef45102268c5caff80ebfa3ac98714cbc79dd5087b98b0f49b35. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f85c46942f12ef45102268c5caff80ebfa3ac98714cbc79dd5087b98b0f49b35
SHA3-384 hash: cbd17d8b767d3e3c8882409b1b83a6231638901457921c41d97265453d2c803e3e2e9809b193ea0ca99e74221736d528
SHA1 hash: c63e2e9646e1a4a5854b59407b1f13070e438fb3
MD5 hash: 8bd367ffda82d2affeb3bcea65a5ba86
humanhash: triple-september-asparagus-steak
File name:OUTSTANDING PAYMENT LONG DUES.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:549'247 bytes
First seen:2020-06-21 06:59:18 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:p6YJdyKe9JwXsMXct/8JEY1Uy1Ojwf9NkaQkz2lY3DgpaHCD:p6oA4Xpe/8JEm1Okf9NFl2W3DlCD
TLSH 1FC42353663BF6AD4FDA2C2237590DAF835900EB1CC53EE61236A1CBBC47A5C12952F4
Reporter abuse_ch
Tags:AgentTesla rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: server02.hostngon.vn
Sending IP: 203.162.238.30
From: info@vonframachau.com.vn
Subject: Payment For Outstanding Invoices
Attachment: OUTSTANDING PAYMENT LONG DUES.rar (contains "OUTSTANDING PAYMENT LONG DUES.exe")

AgentTesla SMTP exfil server:
mail.aquariuslogistics.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
85
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-21 07:01:05 UTC
AV detection:
26 of 48 (54.17%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=7boenfbpclxukebcndc4v74a5p5dvsmhctf4phovbb5zrmhutm2q._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar f85c46942f12ef45102268c5caff80ebfa3ac98714cbc79dd5087b98b0f49b35

(this sample)

AgentTesla

Executable exe 0c3d30c2124ea46970d7f9c03b2fc23b1deb32328fe396ecae9d21655d27a8d1

  
Dropping
MD5 b49719e658c581c440dd68216ed09ae7
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 0c3d30c2124ea46970d7f9c03b2fc23b1deb32328fe396ecae9d21655d27a8d1

Comments