MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 195c10c6a1b2c955de3f8eb6fed550e0f805f85e2f9ec3012c7abfb7b8ec04e2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 195c10c6a1b2c955de3f8eb6fed550e0f805f85e2f9ec3012c7abfb7b8ec04e2
SHA3-384 hash: 19748d6087b994a64d6c4e369ed1e1c493a178543d1f0400dc09d4edb6d385cb29eefd433a2c3a24b76a9382ad078aca
SHA1 hash: c3d10e9c0b12e09ef9d8e3a97f250171f5b10db3
MD5 hash: eb7fe4687b346b69e73ba37dadfd9079
humanhash: burger-fanta-cola-vermont
File name:PO ORDER.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:436'934 bytes
First seen:2020-07-09 06:33:19 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:crIRzO7ynt2MTfLhqzedW8Vdj3POg/xHmlbSX:QWa0tHszl8VdrPOg/xkbSX
TLSH 6F942330E5992CFD1B8C5D6356328B71F4C95228CD96B5AC3E1729EC91723FD298C389
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: vps.zedenect.com
Sending IP: 45.95.169.29
From: Xincheng Industries Co.,Ltd. <CA_EMEA_Italy@clariant.com>
Subject: Fwd: Re: Order
Attachment: PO ORDER.zip (contains "PO ORDER.exe")

AgentTesla SMTP exfil server:
mail.elkat.com.my:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
74
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

SecuriteInfo.com.Win32.Herz.B.6016.5488.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.21684.ZipHeur.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.23627.ZipHeur.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/195c10c6a1b2c955de3f8eb6fed550e0f805f85e2f9ec3012c7abfb7b8ec04e2/
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-07-09 06:35:07 UTC
AV detection:
25 of 48 (52.08%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=dfobbrvbwlevlxr7r23p5vkq4d4al6c6f6pmgajmpk73pohmatra._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 195c10c6a1b2c955de3f8eb6fed550e0f805f85e2f9ec3012c7abfb7b8ec04e2

(this sample)

AgentTesla

Executable exe b5cc6999416a62827fc86dc9b6a3f5b0ee3546986af845722ec0d019c8c30f6b

  
Dropping
MD5 7ae31295f30f130914053f4c832c6fd7
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 b5cc6999416a62827fc86dc9b6a3f5b0ee3546986af845722ec0d019c8c30f6b

Comments