MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 af1008ff6b0dcf356512c4b7608c53ec7887627129f8c01218dc235499d985df. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry
AgentTesla
Vendor detections: 4

SHA256 hash: af1008ff6b0dcf356512c4b7608c53ec7887627129f8c01218dc235499d985df
SHA3-384 hash: d6f97f7b1d2d6379a8b219e1cc9c0d4eabb0dc43cc2fc3d6cde1ac9844e2e734ba10b44202cfbb0aca2b07c0741c39a9
SHA1 hash: 1ae6925ca68f474cfc441d3a4637a3e5cb257fcb
MD5 hash: a6ac792661768b47045e4364f9330a16
humanhash: steak-grey-violet-oven
File name: SWIFT COPY.zip
Signature: AgentTesla
File size: 596'732 bytes
First seen: 2020-08-18 19:20:37 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:nKh8T4qOXyKV0AcMz2U53QiGmP68qpqdBq45bI6haSaBFV:cwOXX0DuzKRm0poB30BFV
TLSH: 5BC423F30DE5F768518F10A241D8B89E6EF85215711AE6C3DAD85C2643F9F80B3A43AD
Reporter: abuse_ch
Tags: AgentTesla zip

abuse_ch
Malspam distributing AgentTesla:

HELO: pmg3.teknikdata.com
Sending IP: 46.235.11.157
From: Kocaeli <info@kartepehurdageridonusum.com>
Subject: Advance payment
Attachment: SWIFT COPY.zip (contains "SWIFT COPY.exe")

AgentTesla SMTP exfil server:
mail.mettekstil.com.tr:587

Intelligence
File Origin
Number of uploads: 1
Number of downloads: 62
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Infostealer.Fareit
Status: Malicious
First seen: 2020-08-18 19:22:08 UTC
AV detection: 29 of 48 (60.42%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information
The table below shows additional information about this malware sample, such as delivery method and external references.

Malspam
AgentTesla
zip af1008ff6b0dcf356512c4b7608c53ec7887627129f8c01218dc235499d985df (this sample)
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment

Comments