MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bfe775a9d77cbaf7e4f9abb17ad48e6e761ba84686a3323016832c746347d231. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: AgentTesla
Vendor detections: 3

SHA256 hash: bfe775a9d77cbaf7e4f9abb17ad48e6e761ba84686a3323016832c746347d231
SHA3-384 hash: 93b4b27310d031b75867139765f86e6a3d8af9a83177525c0eaec87e7a23f89f5970e1656a0855403d067b3cd34ff379
SHA1 hash: 200e21a86268ffe097fb53bfad94920e0feed8ce
MD5 hash: 9a56b5e107939d3ae14493dd2f2a3b12
humanhash: illinois-floor-one-artist
File name: Scan_Document_pdf.zip
Signature: AgentTesla
File size: 600'848 bytes
First seen: 2020-06-11 14:07:18 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:I4xlw94rn/Jplx6TjU1RVMgjgSSQzyzi1xdw2v7GiZj0:dlw9E/JpSTIVMYS1z4xdw2Sie
TLSH: E6D423F107B8315A73A95EBCA833D7DBC098E2555DD0AEA7E89DA0830173C66732C617
Reporter: abuse_ch
Tags: AgentTesla, FedEx, zip


abuse_ch
Malspam distributing AgentTesla:

HELO: staging.maykenbel.com
Sending IP: 195.12.49.182
From: FedEx Express Inc <support@fedex.com>
Subject: FedEx SOA
Attachment: Scan_Document_pdf.zip (contains "Scan_Document_pdf.exe")

AgentTesla SMTP exfil server:
mail.flood-protection.org:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 59
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-06-11 14:09:04 UTC
AV detection: 26 of 48 (54.17%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
AgentTesla
zip bfe775a9d77cbaf7e4f9abb17ad48e6e761ba84686a3323016832c746347d231 (this sample)
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
