MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 062dce098567d8a0b6ff5445b6c35da0b48efff4a98934aec47bcb6d35c49da1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3



SHA256 hash: 062dce098567d8a0b6ff5445b6c35da0b48efff4a98934aec47bcb6d35c49da1
SHA3-384 hash: 33ef51f5025564c7ac88dfee79e5958b11065beb010f90960490e6bbb9a6b53d858cc9e810023fcf0ec31cab1c0d199e
SHA1 hash: b680089f7164505eac963a2d5a7ba12a4e2e2f0f
MD5 hash: ee878c20338ef1732dc8dbe1b671d010
humanhash: lamp-spaghetti-minnesota-steak
File name: tt copy.arj
Signature: AgentTesla
File size: 489'304 bytes
First seen: 2020-04-30 10:47:50 UTC
Last seen: Never
File type: arj
MIME type: application/x-rar
ssdeep: 12288:HJ+gYQr/zRrp/9TwzfVxSYg1XG8s4sr9nsp7Dv/:HJ0Qrr/9Tw7XS1XFs1Uj
TLSH: BBA423ED16A3D5E0E993C46B54C0C96BDC7A88D46ABC71845EF018C7470E7622D2E2EF
Reporter: abuse_ch
Tags: AgentTesla arj HSBC


abuse_ch
Malspam distributing AgentTesla:

HELO: hsbc.com.hk
Sending IP: 212.32.245.155
From: HSBC Advising Service<pay_reports@hsbc.com.hk>
Subject: MT103 Swift Copy <Payment Notification>
Attachment: tt copy.arj (contains "tt copy.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 74
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-04-30 11:36:36 UTC
File Type: Binary (Archive)
Extracted files: 12
AV detection: 16 of 31 (51.61%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

arj 062dce098567d8a0b6ff5445b6c35da0b48efff4a98934aec47bcb6d35c49da1 (this sample)

Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
