MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 908a8bd0c35ecd1fff0acd4c1dbc64c48632bf8e198004c135cb0d39c43ccf85. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 908a8bd0c35ecd1fff0acd4c1dbc64c48632bf8e198004c135cb0d39c43ccf85
SHA3-384 hash: 459912b0412676efe5f5d912875cc5b2a73c310dda73e1c0bdad26de861b3853e4d150c1f647d01e2e380d0a21d33b9a
SHA1 hash: a685dac834da2f0f39f34480ff29bc4ad69495bf
MD5 hash: ab74bd8fa503c8a54d76e00d3d1f9c5e
humanhash: autumn-lake-tango-leopard
File name:GIORDANO ORIGINAL S PTED LTD_xls.z
Download: download sample
Signature AgentTesla
Create hunting rule
File size:400'814 bytes
First seen:2020-06-24 05:41:43 UTC
Last seen:Never
File type: z
MIME type:application/x-rar
ssdeep 6144:IOW086elgAvlbuNW7YG0VOPZdeyedfX/Lx7UYahU5Jzj3nq/kGGXQ9p+F:JgduseVeZd/e7iU5JzjXq/Pdpa
TLSH FC8423442EB971F043D8E4F0712A9FE807B40CBE4B6202AB76F0EA7527D95D68D89C5D
Reporter abuse_ch
Tags:AgentTesla z


Avatar
abuse_ch
Malspam distributing AgentTesla:

From: "GIORDANO ORIGINAL (S) PTED LTD" <xinwenlim@giordano.com.sg>
Subject: REQUEST FOR QUOTATION FROM GIORDANO ORIGINAL (S) PTED LTD
Attachment: GIORDANO ORIGINAL S PTED LTD_xls.z (contains "GIORDANO ORIGINAL S PTED LTD_xls.exe")

AgentTesla SMTP exfil server:
mail.greebals.gr:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
70
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/908a8bd0c35ecd1fff0acd4c1dbc64c48632bf8e198004c135cb0d39c43ccf85/
Threat name:
ByteCode-MSIL.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-24 05:43:04 UTC
AV detection:
33 of 48 (68.75%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=scfixugdl3gr77ykzvgb3pdeysddfp4odgaajqjvzmgttrb4z6cq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

z 908a8bd0c35ecd1fff0acd4c1dbc64c48632bf8e198004c135cb0d39c43ccf85

(this sample)

AgentTesla

Executable exe 82bdf1c9eeecb62113d9b063bcf848c14e4cecf21950b129fefeb40d6ec95a70

  
Dropping
MD5 1cc5fe611d76af3f15c45d40665eb41b
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 82bdf1c9eeecb62113d9b063bcf848c14e4cecf21950b129fefeb40d6ec95a70

Comments