MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 44dde8dc565959b0f7a059ae1ec70259ea9c1314dc917c321ae9543fa87abc40. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 44dde8dc565959b0f7a059ae1ec70259ea9c1314dc917c321ae9543fa87abc40
SHA3-384 hash: ae384386d02a39ae364d28c1991891ac98258d90b362c694f7ae5e2ceb8b2ad4a00c81b21b8c96efc79427d2d8d6e018
SHA1 hash: ec597ce2abfef6562fb577b9fb1f7669b283c5c1
MD5 hash: 3b5271e4535505ff1ba4185b8e48a4e3
humanhash: football-carpet-king-queen
File name:RFQ 107801022.gz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:392'837 bytes
First seen:2020-07-12 09:16:29 UTC
Last seen:Never
File type: gz
MIME type:application/gzip
ssdeep 6144:YmTC+LqAVlIbeaMP8zBSg4av9nJUL7fvrakS4FZ5qWkkyyQyxmkk+uOGdwiJ7qok:Yl+LlIbk8pv9yL7nmkVFZ5qWkApoROqg
TLSH E284233A2CA63ED392076BB2AB11831F3C059D6CAD49A3C4155E572FD8B39D6C787138
Reporter abuse_ch
Tags:AgentTesla gz


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: 1400m5tks.ni.net.tr
Sending IP: 94.102.6.140
From: Mahmoud Mostafa (GA-) <nm.mostafa@gmail.com>
Subject: RFQ 107801022
Attachment: RFQ 107801022.gz (contains "RFQ 107801022.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
78
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.MSIL.GenKryptik.EOBJ.25033.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/44dde8dc565959b0f7a059ae1ec70259ea9c1314dc917c321ae9543fa87abc40/
Threat name:
ByteCode-MSIL.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-07-12 09:18:06 UTC
AV detection:
29 of 48 (60.42%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ito6rxcwlfm3b55algxb5ryclhvjyeyu3sixymq25fkd7kd2xraa._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz 44dde8dc565959b0f7a059ae1ec70259ea9c1314dc917c321ae9543fa87abc40

(this sample)

AgentTesla

Executable exe ce5a82d9e4d14e5511170ff4bb06aeaa49a937c39a6770a8e9b38d589b8339f6

  
Dropping
MD5 afc225f7967645ccb4e431442204e5a0
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 ce5a82d9e4d14e5511170ff4bb06aeaa49a937c39a6770a8e9b38d589b8339f6

Comments