MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 573309be8b8b32a79cde84b4b8233e2b5fb5114bc7c62093fd3815de253e5d67. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3



SHA256 hash: 573309be8b8b32a79cde84b4b8233e2b5fb5114bc7c62093fd3815de253e5d67
SHA3-384 hash: 9c44aef38be672a1c6e878860d8e36c08f27f2b26502c9ac7f7ba1cce336891d9a6f2ef1a3ae5abbd53f7363798b013b
SHA1 hash: 3ea3b8d147ce2ce98b13c8395d732ad74a4f49fe
MD5 hash: 7d4db47578b2fd9334b356cce04f1636
humanhash: fish-yankee-alanine-dakota
File name: Zarnab hayat Co,PO samples needed Urgently.zip
Signature: AgentTesla
File size: 466'812 bytes
First seen: 2020-07-08 06:55:37 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:YY8fLbl3b2FEEP2OfgUp2kW/2L8P7QQwxk6Ej7R5Y:YYOCpfFpib0Qwxk6EjFy
TLSH: 7DA423EAAE30E8FB848348F24F55BA8D50826C9D344460A932D519DF57EB3F87819673
Reporter: abuse_ch
Tags: AgentTesla, zip


abuse_ch
Malspam distributing AgentTesla:

HELO: gmail.com
Sending IP: 37.49.224.4
From: ayat <zarnabhayat@gmail.com>
Subject: PO samples872020
Attachment: Zarnab hayat Co,PO samples needed Urgently.zip (contains "Case file.exe")

AgentTesla SMTP exfil server:
smtp.bnb-spa.com:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 70
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-07-08 06:57:05 UTC
AV detection: 35 of 48 (72.92%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 573309be8b8b32a79cde84b4b8233e2b5fb5114bc7c62093fd3815de253e5d67 (this sample)

Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
