MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6f7e8b2cb97de035466cd5a430cb3f301ff60d6bf41c5163bd20acf4ee9ddb0e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6f7e8b2cb97de035466cd5a430cb3f301ff60d6bf41c5163bd20acf4ee9ddb0e
SHA3-384 hash: 45bf48a2fc767fecda279590b4fbe1c760b8aa6c54abc1556ac0aad014bfd78e97290d6ee11dae293d86600d85b009f8
SHA1 hash: 68edf00bfdd6fac86ee98dd4f7769dfaaf18e9c8
MD5 hash: fd3b5e0cb4bb479cee6058cd10a87642
humanhash: oregon-pip-golf-india
File name:NEW ORDER.GZ
Download: download sample
Signature AgentTesla
Create hunting rule
File size:402'017 bytes
First seen:2020-07-19 05:45:49 UTC
Last seen:2020-07-19 06:05:37 UTC
File type: gz
MIME type:application/x-rar
ssdeep 12288:xy05brh4qd9/UDEX1NEboF1fdsRp/YmVDtC+eS0Fkejr+LbrLjR:kSV3cwCW2/YKtCflWLfnR
TLSH 8E842338681E69527BE566E33BAA9404C689D4CAED17E3F43D4FE1EA043D220356C379
Reporter cocaman
Tags:AgentTesla gz


Avatar
cocaman
Malicious email
From: Bencetic, Oliver <Oliver.Bencetic@binder-world.com>
Received: from binder-world.com (unknown [185.222.57.211])
Date: 18 Jul 2020 18:37:43 -0700
Subject: Re: AW: BINDER Invoice 900061813 from 18.07.2020 new order 200701
Attachment: NEW ORDER.GZ

Intelligence

File Origin
# of uploads :
2
# of downloads :
66
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27360.Rar5Heur.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/6f7e8b2cb97de035466cd5a430cb3f301ff60d6bf41c5163bd20acf4ee9ddb0e/
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-07-18 23:13:32 UTC
File Type:
Binary (Archive)
Extracted files:
39
AV detection:
19 of 31 (61.29%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=n57iwlfzpxqdkrtm2wsdbsz7gap7mdll6qofcy55ecwpj3u53mha._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/6f7e8b2cb97de035466cd5a430cb3f301ff60d6bf41c5163bd20acf4ee9ddb0e

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz 6f7e8b2cb97de035466cd5a430cb3f301ff60d6bf41c5163bd20acf4ee9ddb0e

(this sample)

AgentTesla

Executable exe 2360b89fa9459eeeb583d67f26ba7973751feaf3868b636dd176b1e891f47a49

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 2360b89fa9459eeeb583d67f26ba7973751feaf3868b636dd176b1e891f47a49
  
Dropping
AgentTesla

Comments