MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ec97f6188a80c1096f1eabae92be5a29e13f19b515689720a44fcdcc6266c6c3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 4



SHA256 hash: ec97f6188a80c1096f1eabae92be5a29e13f19b515689720a44fcdcc6266c6c3
SHA3-384 hash: 377e38c698be992e40be9710e073a411a934dbd748995bc2c5c417d120a97749630c8ad4cf4da55b76dc2264c5628b37
SHA1 hash: da54f3764109e5cac810c2e9f36beb946704f6cf
MD5 hash: ff0487b7abd88e0ec0083b026bcc31ab
humanhash: grey-comet-red-venus
File name: file-copy.gz
Signature: AgentTesla
File size: 498'836 bytes
First seen: 2020-08-06 05:24:33 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 12288:c/HHAqY8dNK57McgZj/yP4VPnBGSedyC5rOQ8o:wHNYiNKO9jXnsSAgU
TLSH: 1CB423B242AD5E2FCB411F8774DD80298DA1402D5FA9AE63F5BB900EB9FEB02D541127
Reporter: abuse_ch
Tags: AgentTesla gz TNT


abuse_ch
Malspam distributing AgentTesla:

HELO: paymontly.servers.prgn.misp.co.uk
Sending IP: 185.20.50.76
From: eInvoicing <einvoicing@tnt.com>
Subject: TNT E-invoicing Notification - 04842264
Attachment: file-copy.gz (contains "file-copy.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 59
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-08-06 02:20:02 UTC
AV detection: 34 of 46 (73.91%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz ec97f6188a80c1096f1eabae92be5a29e13f19b515689720a44fcdcc6266c6c3 (this sample)

Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
