MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ba60003be230e96db3d2889e97b59c5ee4969b2072566eac9a76cd5ae0a5b6d1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Signature: AgentTesla
Vendor detections: 3

SHA256 hash: ba60003be230e96db3d2889e97b59c5ee4969b2072566eac9a76cd5ae0a5b6d1
SHA3-384 hash: 2c5bba905fe785fefc247b6e7c4f80ea7bc1ee497289dea3ad2ff1c0789b9cf5ea25f043fcd8efa76b2172a7af083493
SHA1 hash: 6e4362beaa3cbc036ecc41c24ac86e12e8aba822
MD5 hash: 19db035e1a27a1be1b2c191a5c28b5a8
humanhash: quiet-nebraska-dakota-happy
File name: SWIFT TRANSFER.001
Signature: AgentTesla
File size: 408'133 bytes
First seen: 2020-07-01 17:58:36 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 6144:MJv9QxZY9oQ5/gYPyndIxz9gqA/RnacTKUQXe/7p9bzV/o7WCYhRJqLYB52QewXh:MJvGZVQrPyndIwzqQb2yCYoLYqMRn
TLSH: 419423F734128F92127D179F59A1400FE05B73BAEB49CB86FA21D127EE8C0D8557CA4A
Reporter: abuse_ch
Tags: 001 AgentTesla


abuse_ch
Malspam distributing AgentTesla:

HELO: vps.ysdesig.com
Sending IP: 45.95.169.9
From: EEC, A Abu Steit <amer@eeceg.com>
Subject: FW: SWIFT TRANSFER
Attachment: SWIFT TRANSFER.001 (contains "SWIFT TRANSFER.exe")

AgentTesla SMTP exfil server:
mail.tpcdel.com:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 82
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-07-01 18:00:06 UTC
AV detection: 12 of 48 (25.00%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
AgentTesla
rar ba60003be230e96db3d2889e97b59c5ee4969b2072566eac9a76cd5ae0a5b6d1 (this sample)
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment

Comments