MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d8b7d08ae5b092bcfb02359e19a6161f84cab9a48f5e627b428dafeee5434cc4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d8b7d08ae5b092bcfb02359e19a6161f84cab9a48f5e627b428dafeee5434cc4
SHA3-384 hash: 1081266e304afb337180db37a143763f8ad86fe3cbf51384555031bbf8dbd63333486ea7931fc57482db244d2bf73f65
SHA1 hash: e7f80fd0a24704ec22e811678bbf918fe57cbb51
MD5 hash: 4d8cf65ed5e5a94c560ad752b22b6f06
humanhash: foxtrot-two-nine-nuts
File name:Purchase Order NO4500057180.gz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:384'603 bytes
First seen:2020-06-26 08:10:18 UTC
Last seen:Never
File type: gz
MIME type:application/gzip
ssdeep 6144:II4CqI41QVogVJgTsdZB5XueJOZWpfCW3QDg/At0WI5oYT1m5R8u:aCAWVouXnB5XueJRVOt3tYT1ORH
TLSH 5B8423A7A4DB2EA63D167F6914D33092E2E52FCB853C84F49C77688A0F8AD27C150917
Reporter abuse_ch
Tags:AgentTesla gz


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: star.educat.icu
Sending IP: 206.72.192.131
From: Mary Williams <u12815151@cityhire.store>
Subject: FW: New Order
Attachment: Purchase Order NO4500057180.gz (contains "Purchase Order NO4500057180.exe")

AgentTesla FTP exfil server:
ftp.persisiciptautama.com:21

Intelligence

File Origin
# of uploads :
1
# of downloads :
75
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Mal.DrodGzip-A.8734.28450.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d8b7d08ae5b092bcfb02359e19a6161f84cab9a48f5e627b428dafeee5434cc4/
Threat name:
ByteCode-MSIL.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-26 08:12:05 UTC
AV detection:
31 of 48 (64.58%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=3c35bcxfwcjlz6ycgwpbtjqwd6cmvoner5pge62crwx65zkdjtca._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz d8b7d08ae5b092bcfb02359e19a6161f84cab9a48f5e627b428dafeee5434cc4

(this sample)

AgentTesla

Executable exe 6e260348112006ad44bdcf1257f8626f37f1f93f1972c3d78387c1d8c63292ba

  
Dropping
MD5 9408dede200068418e82cdca033e9b23
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 6e260348112006ad44bdcf1257f8626f37f1f93f1972c3d78387c1d8c63292ba

Comments