MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bcfd19928d30a2053985250d2da90383f54288d6a82aeab1ac63d823700915b5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: bcfd19928d30a2053985250d2da90383f54288d6a82aeab1ac63d823700915b5
SHA3-384 hash: 34f1912e2ce43b7d981de6583a29911b2e8fee90e2587671d2be3a03d665d046d8d89ea231371c2935153f467edae480
SHA1 hash: b23fba76e0c99983765a89065f455d592a2c4f58
MD5 hash: a7503caf3c1af18397dee175efd7e5aa
humanhash: spaghetti-mockingbird-december-victor
File name:New084order.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:390'547 bytes
First seen:2020-06-11 05:52:59 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:ok633i9PkxtS7q8XlorAI0w6rbufh5o/+KsnX0k28jxhQD1vEJAXSfkTT6VfWEFl:oklRCezI0w6f6hrnXJxWhkAi8T2VfWEP
TLSH FB84232AB83AC76E71BFA5F9D4AFC90B17C2433704025E5ABCC097065CD9BD1A50D5E8
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: smtp01-sa.serv.net.mx
Sending IP: 201.150.39.117
From: Jim Lee <guac@gamaa.com.mx>
Reply-To: Jim Lee <obe.sales@hotmail.com>
Subject: 采购:Re:_New084order
Attachment: New084order.zip (contains "New084order.exe")

AgentTesla SMTP exfil server:
mail.labombilladeoro.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
57
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Inject3.42048.72.30595.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-11 05:54:10 UTC
AV detection:
21 of 31 (67.74%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=xt6rteungcrakomfeugs3kidqp2ufcgwvavovmnmmpmcg4ajcw2q._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip bcfd19928d30a2053985250d2da90383f54288d6a82aeab1ac63d823700915b5

(this sample)

AgentTesla

Executable exe b32582d965c3013be019bba8cb16e651c11b5a59876d3c62403569a0127782b8

  
Dropping
MD5 e39eabc65d01fe69e79d410df6c15e04
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 b32582d965c3013be019bba8cb16e651c11b5a59876d3c62403569a0127782b8

Comments