MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 32f38adc3199a7d7dccfda31897c4b31630ba3c9611ee4d00d92aee00b9cbe27. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 32f38adc3199a7d7dccfda31897c4b31630ba3c9611ee4d00d92aee00b9cbe27
SHA3-384 hash: 0b1c8f6bfbd5e1d1b638846a969279823b68fd52899a6ef6875d5d7cb0d195938a6a5ec09c02d3fc75014866f7482cf9
SHA1 hash: 37cf60493119a7640a82582e520fe4ba0e408d5d
MD5 hash: f099845ed8ef1260b2a250d08571f2e9
humanhash: freddie-lemon-floor-three
File name:order44159280820.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:899'340 bytes
First seen:2020-08-28 06:39:23 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 24576:uYNhNq4AhIeybXDQ15wobVzT88yKaxJeM:DN3lbXsXNpnZyJJeM
TLSH 5E1533317CAADF8826611F6EEAC29C29C04D6D9C0CE99940D65DF16CBD31E057B7E08B
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: regular1.263xmail.com
Sending IP: 211.150.70.203
From: Imports <shenfei@wison.com>
Subject: New order (quote urgently)
Attachment: order44159280820.zip (contains "order44159280820.exe")

AgentTesla SMTP exfil server:
mail.memorybasket.co.in:587

AgentTesla SMTP exfil email address:
bggrace@memorybasket.co.in

Intelligence

File Origin
# of uploads :
1
# of downloads :
73
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Fareit-FYEEB3E2D74C595.100.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/32f38adc3199a7d7dccfda31897c4b31630ba3c9611ee4d00d92aee00b9cbe27/
Threat name:
ByteCode-MSIL.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-08-28 06:41:04 UTC
AV detection:
9 of 48 (18.75%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=glzyvxbrtgt5pxgp3iyys7clgfrqxi6jmepojuanskxoac44xytq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Farheyt
Score:
0.80
Link:
https://yomi.yoroi.company/submissions/32f38adc3199a7d7dccfda31897c4b31630ba3c9611ee4d00d92aee00b9cbe27

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 32f38adc3199a7d7dccfda31897c4b31630ba3c9611ee4d00d92aee00b9cbe27

(this sample)

AgentTesla

Executable exe 9b79d0622124809cc47cc7b7423db95a0aae0f37a60d6a224e181f846ef6206d

  
Dropping
MD5 eb3e2d74c595fde45a7fc69e2f358209
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 9b79d0622124809cc47cc7b7423db95a0aae0f37a60d6a224e181f846ef6206d

Comments