MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6a3e419b13427904b319fc0017704a938526834c39662f943296c493e3aa1780. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 3

SHA256 hash: 6a3e419b13427904b319fc0017704a938526834c39662f943296c493e3aa1780
SHA3-384 hash: 15d7952edb8019b9bacc248b65cbd92644bbeec4504342a8cb6b46c9cd3bf86c36c6b5584b202c6908cdc56ccec7c8b7
SHA1 hash: a20fcbc1a25ebe95531a7953a38131b11a67a5d9
MD5 hash: b2b0d8002e276d8834722448ae81face
humanhash: ohio-uranus-mexico-crazy
File name: Order List Images.rar
Signature: AgentTesla
File size: 294'515 bytes
First seen: 2020-08-06 05:26:56 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 6144:Cefj1k2+S8Ck9HC2OuPWza6biJ+IoHDM6CuWNnVgW6wVrBvmGskDqfXHIc:vj1ET9i2MxiJ+TQlGWL9rYv3
TLSH: 4C542374D115845AA03955E0CC5F3A33D287EABC27B403F81896A67A211F9F24D7F39E
Reporter: abuse_ch
Tags: AgentTesla rar

abuse_ch
Malspam distributing AgentTesla:

HELO: mail.genogan.ga
Sending IP: 45.147.162.107
From: David Cooper <admin@genogan.ga>
Subject: Re: Order Inquiry and supply
Attachment: Order List Images.rar (contains "Order List & Images.exe")

AgentTesla SMTP exfil server:
smtp.chigo-cec.com:587

Intelligence

File Origin
# of uploads: 1
# of downloads: 65
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-08-06 05:28:09 UTC
AV detection: 22 of 48 (45.83%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample, such as delivery method and external references.

Malspam
  AgentTesla
    rar 6a3e419b13427904b319fc0017704a938526834c39662f943296c493e3aa1780 (this sample)
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment

Comments