MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b64561fed745eb7c20c91f88bcf7ea7dc351264a85816c002a86e602a97a0d94. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 4

SHA256 hash: b64561fed745eb7c20c91f88bcf7ea7dc351264a85816c002a86e602a97a0d94
SHA3-384 hash: 4e258cf920317b2edbf421bfbcbcc38d776be95aca5b71278cf0e612920339d490467b4546b2822f5441539b25db1fdc
SHA1 hash: d9907c0f4b1effa187bdeff4c68deb356b25bf5f
MD5 hash: 099c5de3b56f3dd9f3090d27d41346f6
humanhash: jersey-ohio-music-alanine
File name: 4020101.gz
Download: download sample
Signature: AgentTesla
File size: 502'052 bytes
First seen: 2020-08-17 19:09:23 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 12288:g9Ms9LUR94hz1SHRvgk375thV8P06p403ozS:g9rLu4hz1Moc1BGdv
TLSH: 72B423F48742C0923E699104953777CE529B441A8E3AF9E849CE13ADD8FC8D0EFC9C59
Reporter: abuse_ch
Tags: AgentTesla gz


abuse_ch
Malspam distributing AgentTesla:

From: Aditya Reyansh <mktg3@hindustaninox.com>
Subject: RE: Requesting Urgent Quotation
Attachment: 4020101.gz (contains "4020101.exe")

AgentTesla SMTP exfil server:
smtp.ikrrispharmanetwork.com:587

AgentTesla SMTP exfil email address:
amazing.grace@ikrrispharmanetwork.com

Intelligence

File Origin
# of uploads: 1
# of downloads: 63
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-08-17 19:11:05 UTC
AV detection: 23 of 29 (79.31%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: AgentTesla
  gz b64561fed745eb7c20c91f88bcf7ea7dc351264a85816c002a86e602a97a0d94 (this sample)
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment

Comments