MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fef915dcdbde7bc8879300a1892ef02a0507e60d40f6379e8e1af942ab083d3a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fef915dcdbde7bc8879300a1892ef02a0507e60d40f6379e8e1af942ab083d3a
SHA3-384 hash: 077906d1d0383f8963118322698ffd36438fcb8bc7033586b6cf86ee3095f48fceae2345810e9c94a551aaf8484dcb0b
SHA1 hash: a70e8e0d2196f7742973fb685f74fa50eee32c3f
MD5 hash: 4793d1c0f8ae45c63f1cad023744acd8
humanhash: leopard-six-winner-minnesota
File name:purchase Order..160620.Z
Download: download sample
Signature AgentTesla
Create hunting rule
File size:383'618 bytes
First seen:2020-06-16 05:00:48 UTC
Last seen:Never
File type: z
MIME type:application/x-rar
ssdeep 6144:ma/I669fFWU5xY2N4AImJt66/fqcGCDHnHoAv5ED0qygKSOAwmvifPve:ma/IJ9WUrFN4AImi8VJDHHon0gh9vifu
TLSH BE8423C03A4EC80F56472297724632DE845E61F72E9522CF347CBEBE629C8781D986DD
Reporter abuse_ch
Tags:AgentTesla z


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: prakash.com
Sending IP: 45.143.222.106
From: anilrajak <anilrajak@prakash.com>
Subject: PURCHASE ORDER NO.OP20Y-00130 DATED 16.06.2020
Attachment: purchase Order..160620.Z (contains "purchase Order..160620.exe")

AgentTesla SMTP exfil server:
smtp.autoshorp.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
60
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-16 05:02:08 UTC
AV detection:
34 of 48 (70.83%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=734rlxg33z54rb4tacqyslxqficqpzqnid3dphuodl4ufkyihu5a._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

z fef915dcdbde7bc8879300a1892ef02a0507e60d40f6379e8e1af942ab083d3a

(this sample)

AgentTesla

Executable exe 915317c4721161535e8ab7d081baa128d6678c50ff2135571965cf40b7167fb5

  
Dropping
MD5 3c00bb9d99608f128db546e47cee3d87
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 915317c4721161535e8ab7d081baa128d6678c50ff2135571965cf40b7167fb5

Comments