MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 86c2bb91887d1b98c42fc5db9abb79a68abc20c558ef0ffbd2a992578ace1296. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: AgentTesla
Vendor detections: 3

SHA256 hash: 86c2bb91887d1b98c42fc5db9abb79a68abc20c558ef0ffbd2a992578ace1296
SHA3-384 hash: c109fd0c0d54a6250f62a7e41a46c96f5b65773b51f830423243d259613390b44c2303626f56f22339d837be140214cd
SHA1 hash: c82ec338431babe1989dcc2fc84fee048987a3fa
MD5 hash: 37c3df9c1df0a0ea2b7a2b1a52c1e765
humanhash: blue-asparagus-mockingbird-low
File name: INV 49317824.7z
Signature: AgentTesla
File size: 369'243 bytes
First seen: 2020-10-02 04:54:04 UTC
Last seen: Never
File type: 7z
MIME type: application/x-7z-compressed
ssdeep: 6144:E23V5Jl1dcaed+uD6d7+M7pDspilibLP3QX5zCyjXefE0A+uff6bjwJsGvhYmxsC:EKJP61I+MlUilQP3ExBefEMn8JsULzz7
TLSH: 2874239C6A5FDCBD131827F1051B4E22E3FE189CAAA39C6D8C74CE276135C0487392D9
Reporter: cocaman
Tags: 7z


Comment by cocaman:
Malicious email (T1566.001)
From: "Geetha Prabhu <geethap@workflexi.in>"
Received: "from noreply.tradeindia.com (unknown [45.137.22.104]) "
Date: "1 Oct 2020 21:10:25 -0700"
Subject: "FW: Invoice - OK to be Paid"
Attachment: "INV 49317824.7z"

Intelligence


File Origin
# of uploads: 1
# of downloads: 86
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-10-02 04:55:08 UTC
File Type: Binary (Archive)
Extracted files: 40
AV detection: 20 of 28 (71.43%)
Threat level: 5/5

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Malspam (distributed via e-mail attachment)
Signature: AgentTesla
File type: 7z
SHA256 hash: 86c2bb91887d1b98c42fc5db9abb79a68abc20c558ef0ffbd2a992578ace1296 (this sample)
