MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fef61e4ad748154da70e8b9aa6f6c8fc0dc6e7c07a2b2ef11ca67b0ffa7a651f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fef61e4ad748154da70e8b9aa6f6c8fc0dc6e7c07a2b2ef11ca67b0ffa7a651f
SHA3-384 hash: 3239e6623044f3a6ab8269f2e5a5cc54d4211780818f57a17820b5a4d9de308a95747b7734ef956bd508d3707d571a00
SHA1 hash: cf629522472153823dd7ddc5db98526f642a89d8
MD5 hash: 92af210dc66e610903582e3de5fc615a
humanhash: nine-tennis-illinois-don
File name:Purchase Order.gz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:426'728 bytes
First seen:2020-09-24 09:18:49 UTC
Last seen:Never
File type: gz
MIME type:application/gzip
ssdeep 12288:fEbdqTiQhYWWZmCjd238nBpcRQ8GaFPo0L9QGEky:spqaDZmCjd8eiRTNo0xJy
TLSH 9194235F5E149E9B1923B063B6F7E9765B07B5E218E414EF22272330BEFDE01190AC60
Reporter cocaman
Tags:AgentTesla gz


Avatar
cocaman
Malicious email (T1566.001)
From: ""John Ahn" <irene@915.gonbino.ml>"
Received: "from xvg0.915.gonbino.ml (unknown [157.230.94.251]) "
Date: "Thu, 24 Sep 2020 01:24:14 -0700"
Subject: "Purchase Order 5498772"
Attachment: "Purchase Order.gz"

Intelligence

File Origin
# of uploads :
1
# of downloads :
81
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27247.GZipHeur.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/fef61e4ad748154da70e8b9aa6f6c8fc0dc6e7c07a2b2ef11ca67b0ffa7a651f/
Threat name:
ByteCode-MSIL.Backdoor.Androm
Create hunting rule
Status:
Malicious
First seen:
2020-09-24 08:10:25 UTC
File Type:
Binary (Archive)
Extracted files:
6
AV detection:
21 of 29 (72.41%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=733b4swxjaku3jyoronkn5wi7qg4nz6apivs54i4uz5q76t2mupq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz fef61e4ad748154da70e8b9aa6f6c8fc0dc6e7c07a2b2ef11ca67b0ffa7a651f

(this sample)

AgentTesla

Executable exe e03c4f9c8ae0b28a7538315c3af97428339911bd6118371c0459adfd14abca44

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 e03c4f9c8ae0b28a7538315c3af97428339911bd6118371c0459adfd14abca44

Comments