MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6f49e7c464ba10a0fbc79132777decc631935cf65d5576a035ca65321e2ed6a3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3



SHA256 hash: 6f49e7c464ba10a0fbc79132777decc631935cf65d5576a035ca65321e2ed6a3
SHA3-384 hash: 99eb9b129df2249b4e608d3ba787ae0325a1aff1f9d27ffa7678fa6381d6e83096a0147394dccebbee605c46d7db4465
SHA1 hash: 62c694b2cf23401c3cdc5e8d8612ab428e24dd10
MD5 hash: 21c38871e566ef9158c7f16b924d48f1
humanhash: johnny-salami-summer-victor
File name: Invoice 20202009.doc.uue
Signature: AgentTesla
File size: 282'614 bytes
First seen: 2020-08-28 05:48:06 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:8DMYcSTK/eOA44RsLRYSexdwLmma+4X369dltb:8QrSTsAdiCBxdwLmmaH0/b
TLSH: 47542341C4763AAB7A7EB51CA793C4C767CC27126E89407091F0B9E7386D5F6E8221BC
Reporter: abuse_ch
Tags: AgentTesla uue Yahoo


abuse_ch
Malspam distributing AgentTesla:

HELO: sonic303-3.consmr.mail.bf2.yahoo.com
Sending IP: 74.6.131.42
From: Larson <mojlarson@aol.com>
Reply-To: Larson <mojlarson@aol.com>
Subject: Re : Invoice 20202009
Attachment: Invoice 20202009.doc.uue (contains "Invoice 20202009.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 74
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Infostealer.Fareit
Status: Malicious
First seen: 2020-08-28 05:01:03 UTC
AV detection: 18 of 48 (37.50%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 6f49e7c464ba10a0fbc79132777decc631935cf65d5576a035ca65321e2ed6a3 (this sample)

Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
