MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fd184c8a07d4ca4090470665b86b9c1d0eb522727e13842240ccb8c9f80ce23e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fd184c8a07d4ca4090470665b86b9c1d0eb522727e13842240ccb8c9f80ce23e
SHA3-384 hash: 8086ed35a277777110c9a1324668ffac8033ab6f331c87e4ec4d902e2640dbcf48ba230752110ac58f73a9e0531e33d2
SHA1 hash: 8189f3ecd2a70df18c5708a1706914cb25ce8a4f
MD5 hash: 89f2228d0766c0a0b4e54c3b0b454cfd
humanhash: lion-undress-cardinal-stream
File name:RFQ for TENDER NO. Tender No. RA236.PDF.z
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'121'454 bytes
First seen:2020-06-14 10:28:53 UTC
Last seen:Never
File type: z
MIME type:application/x-rar
ssdeep 24576:u4Hrazy93KDGevgh8mlecTyLHZ7QXyziVM1kHm+/xbKJrQaihI:NLaE3K/oh8qVTyjIyzOM1k12QaihI
TLSH 3435334744124690B07996737D0CF4B81A92FF6DDCD847CCD85D9AA3A2C76B1803FE9A
Reporter abuse_ch
Tags:AgentTesla z


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mail2012.join-me.com.tw
Sending IP: 123.51.190.154
From: George <cs.george@najatgroup.com.bh>
Subject: RFQ for TENDER NO. Tender No. RA/236
Attachment: RFQ for TENDER NO. Tender No. RA236.PDF.z (contains "RFQ for TENDER NO. Tender No. RA236.exe")

AgentTesla SMTP exfil server:
mail.enmark.com.my:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
62
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-14 10:30:06 UTC
AV detection:
23 of 48 (47.92%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=7umezcqh2tfebechazs3q244duhlkitspyjyiisazs4mt6am4i7a._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

z fd184c8a07d4ca4090470665b86b9c1d0eb522727e13842240ccb8c9f80ce23e

(this sample)

AgentTesla

Executable exe b1667a4eee2a104e32fd9071a6de2ee27634d2e181350b329d58f54b12bd2931

  
Dropping
MD5 f34071530f012ece5a36e3d5c7e54813
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 b1667a4eee2a104e32fd9071a6de2ee27634d2e181350b329d58f54b12bd2931

Comments