MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fe17b481dc7fcf76652aa22bc3c58a8b833312173c7efbddd019ffa2a728db96. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fe17b481dc7fcf76652aa22bc3c58a8b833312173c7efbddd019ffa2a728db96
SHA3-384 hash: 93f2a0a7e550b9f9b06f98ca93c0ff41988abb516dccba063c021a0dab851fe70c6463f63eb3bed8fe581caeb10738cd
SHA1 hash: 7f70daa7d8c9bc1f5ffe702c86bfc16fd9f28c12
MD5 hash: 79b0fd4fe59d2168f95890b1662c4b2a
humanhash: single-september-speaker-green
File name:e-SOA bank sheet.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:541'087 bytes
First seen:2020-07-09 14:34:19 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:mw/H30HMNfuCv7qcbAV3ZB8N7GWp+V6C+Jx5Abrx:m83dfuA7BkJBip+XtB
TLSH 17B42322772903BD8E43E599FC4B91128906C5E7E0734A00CEF6329DB42A7FE75D6E16
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: vps.cinderllafashion.com
Sending IP: 45.95.169.119
From: 銅鑼生產計畫課-吳彥瑤 Nina <nina@pahsco.com.tw>
Subject: RE: RE: 回复: Doc checking for A100C20021306 20200213 Payment.
Attachment: e-SOA bank sheet.zip (contains "ZDQzOihuM7tYo0E.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
69
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.PackedNET.378.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/fe17b481dc7fcf76652aa22bc3c58a8b833312173c7efbddd019ffa2a728db96/
Threat name:
ByteCode-MSIL.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-07-09 14:36:06 UTC
AV detection:
13 of 47 (27.66%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=7yl3jao4p7hxmzjkuiv4hrmkrobtgeqxhr7pxxoqdh72fjzi3ola._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip fe17b481dc7fcf76652aa22bc3c58a8b833312173c7efbddd019ffa2a728db96

(this sample)

AgentTesla

Executable exe 8d67869517928418745bb57e58346ecfdd2af3321e13517159c292d159cc8dd1

  
Dropping
MD5 6d0a9aac6b0367efc965dc0f8eee7b56
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 8d67869517928418745bb57e58346ecfdd2af3321e13517159c292d159cc8dd1

Comments