MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c262d04fef1d5f1f1583a35f9979df021ef93f329daa1dc54f2e58344207301f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c262d04fef1d5f1f1583a35f9979df021ef93f329daa1dc54f2e58344207301f
SHA3-384 hash: 6ca97d2c16baecb6ef60c58aebacbea1af99fd55020eb83930a755d9871c47d2ddad26c97f3e613b41c88e933f5efdda
SHA1 hash: db2750976f2a76e316bdc72a6fcbaeeb39cef005
MD5 hash: 3c65641c9da09b388e93dfc3ee0cbd00
humanhash: mississippi-grey-angel-island
File name:SCANPDF H110-H111MPR15907RFQ0004555 2020.IMG
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'245'184 bytes
First seen:2020-06-29 07:43:48 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 6144:zWrENJ844JoiJrAJqt1XfgmFYlqcl/KHjbnNMbV1MX7UOuvcu0Hk1z9Su/YtMP6K:ZJ80ROKROM/MX7UOuyHkzAuQj
TLSH 7A45D0C0B2E447CAE0B607F84D60B150177A3E662626DF596C8D72E51A72B830637F2F
Reporter abuse_ch
Tags:AgentTesla img


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: slot0.ieeeboston.us
Sending IP: 45.95.169.206
From: Lisa Tan <info@ieeeboston.us>
Subject: RAPYD PTE LTD/H110-H111/MPR15907/RFQ
Attachment: SCANPDF H110-H111MPR15907RFQ0004555 2020.IMG (contains "SCANPDF H110-H111MPR15907RFQ#0004555 2020.exe")

AgentTesla SMTP exfil server:
smtp.logscome.xyz:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
61
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Fareit-FVR97B1CDB35EA0.28661.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c262d04fef1d5f1f1583a35f9979df021ef93f329daa1dc54f2e58344207301f/
Threat name:
ByteCode-MSIL.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-29 07:45:09 UTC
AV detection:
16 of 31 (51.61%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=yjrnat7pdvpr6fmdunpzs6o7aippspzstwvb3rkpfzmdiqqhgapq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

img c262d04fef1d5f1f1583a35f9979df021ef93f329daa1dc54f2e58344207301f

(this sample)

AgentTesla

Executable exe 0436004314fee6516b09d6abb84e8402f237027025c4b22a2a9b327f636da647

  
Dropping
MD5 4f87bd36b5494e7352898c0d9f5ac495
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 0436004314fee6516b09d6abb84e8402f237027025c4b22a2a9b327f636da647

Comments