MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fdb4068d93330b2cffb761a0fa7f63faaa064fcb098520f3327957b363433909. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fdb4068d93330b2cffb761a0fa7f63faaa064fcb098520f3327957b363433909
SHA3-384 hash: c7be542082de4a6b4ad040ef35098a32bc731c05dce7c27bd370ff2b1d295afd0811851513734805ae1c386966db8264
SHA1 hash: 829dfa607c39220c1793e39b91d36a7ae2b73702
MD5 hash: f2158b88a62cf95e95bc647dc477af9a
humanhash: finch-muppet-lemon-salami
File name:NEW_ORDER.gz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:552'446 bytes
First seen:2020-04-30 10:20:02 UTC
Last seen:Never
File type: gz
MIME type:application/gzip
ssdeep 12288:FWnZZC3k3PWEjTheKCA4s5lFNtG5fs/DZDBoxqO54RvV:8g3BEHhAg5lFNs5Q9DTy4RvV
TLSH 41C42325E73060970BF9B523AC5D6F89FBEC272D047C48ACE82A454CE3E95054CBE71A
Reporter abuse_ch
Tags:AgentTesla gz


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: redsox.unisonplatform.com
Sending IP: 162.219.250.42
From: marketing@accurateint.com.pk
Subject: Urgent Order
Attachment: NEW_ORDER.gz (contains "NEW_ORDER.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
79
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-05-01 03:50:28 UTC
File Type:
Binary (Archive)
Extracted files:
39
AV detection:
24 of 31 (77.42%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=7w2andmtgmfsz75xmgqpu73d7kvamt6lbgcsb4zspfl3gy2dheeq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz fdb4068d93330b2cffb761a0fa7f63faaa064fcb098520f3327957b363433909

(this sample)

AgentTesla

Executable exe 8144c16fae9de990f8c3d24fad70488d56b0e2177d310225f334896506516096

  
Dropping
MD5 2cc76a5f064bb2ee924e0f616398ff5b
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 8144c16fae9de990f8c3d24fad70488d56b0e2177d310225f334896506516096

Comments