MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 377a96190206fd1808c1e1e473141be3d55c402f926afd39c7bbde013a0a3f1e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla
Vendor detections: 3

SHA256 hash: 377a96190206fd1808c1e1e473141be3d55c402f926afd39c7bbde013a0a3f1e
SHA3-384 hash: 525ecbc09a3e08fa9fcb24742ebf46440c256e7168fd696958a2ac5af336e7f6565b25056331908430b0cc9923db7c89
SHA1 hash: 4663a27a950e62c05a7a668fa9b14b2caf5e035c
MD5 hash: 07a5765bd01b7d6802a869eeb01a78fa
humanhash: cat-georgia-ten-potato
File name: Products List for Quotation.rar
Signature: AgentTesla
File size: 1'139'263 bytes
First seen: 2020-07-09 14:29:56 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 24576:as6Sg2QpLTOdatZZyFkTUK1ls6Sg2QpLTOdatZZyFkTUK1U:HrQ52A4rQ52As
TLSH: 3335339BFC213FFC521FA2A7610B2219ED68279C121AF6678B49BC5691247D84FB034D
Reporter: abuse_ch
Tags: AgentTesla rar


abuse_ch
Malspam distributing AgentTesla:

HELO: m97144.mail.qiye.163.com
Sending IP: 220.181.97.144
From: Amy Zhang <sales@oppel-lighting.com>
Subject: Re: Quotation-20200708
Attachment: Products List for Quotation.rar (contains "PRODUCT LIST FOR MID JULY PURCHASE - 20200708.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 73
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Infostealer.Fareit
Status: Malicious
First seen: 2020-07-09 14:31:04 UTC
AV detection: 24 of 48 (50.00%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: AgentTesla
Sample: rar 377a96190206fd1808c1e1e473141be3d55c402f926afd39c7bbde013a0a3f1e (this sample)
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment

Comments