MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fe87b68525e20d3fd6a0063981ce2f2e9b58be1e8aa24afeb76f12ab7a4c52ae. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3



SHA256 hash: fe87b68525e20d3fd6a0063981ce2f2e9b58be1e8aa24afeb76f12ab7a4c52ae
SHA3-384 hash: 2b3d93c364dd3048efb696b31b468ec13b992ae7ce21f4eb0edae4e1bc94e603efb064fe14e81bcb92b5b6ba2110d87c
SHA1 hash: 5f284434c6aad86f08611f373a811e1f8763908a
MD5 hash: 1bfcc90f2411b34127452efb12caf325
humanhash: salami-april-zulu-papa
File name: PO-0561.pdf.gz
Signature: AgentTesla
File size: 386'212 bytes
First seen: 2020-07-12 08:01:55 UTC
Last seen: Never
File type: gz
MIME type: application/x-rar
ssdeep: 6144:JqDGq85czI8ZQOGUiXfhcMRnxHaZnDdmAXdTbX1M7v5hCAkYfkHVE/6umY2nUYCO:JaiczI8COovhcMz6NZ5Rmz5hCXaBCu4f
TLSH: 0A8423FA6B5778FB50D89E528BE03E0DC3B260D753F10C96286B4DF4D6A591A40CC2B9
Reporter: abuse_ch
Tags: AgentTesla gz


abuse_ch
Malspam distributing AgentTesla:

HELO: webmail.cyber.net.pk
Sending IP: 203.101.175.37
From: Mubeen Musabah <hameedentr@cyber.net.pk>
Subject: Request for PI:Top Urgent
Attachment: PO-0561.pdf.gz (contains "PO-0561.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 77
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Spyware.Negasteal
Status: Malicious
First seen: 2020-07-12 08:03:06 UTC
AV detection: 15 of 29 (51.72%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
AgentTesla
gz fe87b68525e20d3fd6a0063981ce2f2e9b58be1e8aa24afeb76f12ab7a4c52ae (this sample)
Dropping AgentTesla
Delivery method: Distributed via e-mail attachment

Comments