MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fc2cc8b7cf51f41d40121d63c21c9ae1af4f8f6126b582ace5ed4a5c702b31c3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3



SHA256 hash: fc2cc8b7cf51f41d40121d63c21c9ae1af4f8f6126b582ace5ed4a5c702b31c3
SHA3-384 hash: dd967acd80c15705d4f2b2ebc131c41265578cdc6f72e59ea4a5fa825aba2afc0dd795d4b0fb75e0bedcef17ce85c44f
SHA1 hash: fbeb6430f4ae3f4a973b0be4a19d1d88dc50c8f1
MD5 hash: 4715b05efb49029d9f7675b71881aa13
humanhash: table-michigan-princess-quiet
File name: vaccine release for Corona-virusCOVID-19_pdf.rar
Signature: AgentTesla
File size: 25'839 bytes
First seen: 2020-04-03 11:19:36 UTC
Last seen: 2020-04-03 21:06:52 UTC
File type: rar
MIME type: application/x-rar
ssdeep: 384:5f4kdaGyV/rvh7vCafkGzry0OHeZebvAtIWZRBBKaNc0448rG1bYEAvgEJKtuDj6:5f4H5rv0UbZnZbkaNc0AjgEXKh
TLSH: 3EC2E148393BD57B87A4CA8F20F88097E559C44858BDB4ABC2F81CE500A97C787AF55B
Reporter: abuse_ch
Tags: AgentTesla, COVID-19, GuLoader, rar


abuse_ch
COVID-19 themed malspam distributing GuLoader->AgentTesla:

HELO: mail2-ppa.jpcinet.co.uk
Sending IP: 212.113.198.219
From: Dr. Kim Jung <info@hardworkingincs.pro>
Subject: Latest vaccine release for Corona-virus(COVID-19) (contains "vaccine release for Corona-virus(COVID-19)_pdf.exe")

AgentTesla SMTP exfil server:
us2.smtp.mailhostbox.com:587 (208.91.198.143)

Intelligence


File Origin
# of uploads: 2
# of downloads: 81
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Fareit
Status: Malicious
First seen: 2020-04-03 10:57:05 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 17 of 47 (36.17%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Dropping: GuLoader
Delivery method: Distributed via e-mail attachment

Comments