MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 19c2aa0efbd9cc237f90fc073574b3397774a455a5594c8cb12ae73f1465ae7a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 3

SHA256 hash: 19c2aa0efbd9cc237f90fc073574b3397774a455a5594c8cb12ae73f1465ae7a
SHA3-384 hash: be0a303087fac98ee75246756dcf783f706a044a8986547da8fb6c1a30237e4259db57f4d8bfeeebed8e8b48513f35fc
SHA1 hash: 1bce095f196ebbb24498ae6053993a203ddb3194
MD5 hash: cdb4c840d14edddd8e01cacdc113fc90
humanhash: potato-three-solar-undress
File name: BBVA-Confirming Facturas.7z
Signature: AgentTesla
File size: 391'526 bytes
First seen: 2020-06-16 13:23:42 UTC
Last seen: Never
File type: 7z
MIME type: application/x-rar
ssdeep: 6144:RO6os1PH11lzXxxDZa7gG7ZpCWFlnJAdq0cx5Sv4BPuifELK4BZxbXUMgo:ROvcvflzBxDNG5FTh0wSv4sLKMXUMJ
TLSH: 3A84230E8B23300645BAF62895CC858CB76D68AD86B470199CDFC5733B4ED783D75A39
Reporter: abuse_ch
Tags: 7z AgentTesla BBVA ESP geo

abuse_ch
Malspam distributing AgentTesla:

HELO: ns1.bursaclick.com
Sending IP: 185.42.172.117
From: BBVA-Confirming <pedro@micomendez.com>
Reply-To: pedro@micomendez.com
Subject: BBVA-Confirming Facturas Pagadas al Vencimiento
Attachment: BBVA-Confirming Facturas.7z (contains "BBVA-Confirming Facturas.bat")

AgentTesla SMTP exfil server:
mail.imacdeveracruz.com:587

Intelligence

File Origin
# of uploads: 1
# of downloads: 68
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-06-16 13:25:07 UTC
AV detection: 24 of 31 (77.42%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  AgentTesla
    7z 19c2aa0efbd9cc237f90fc073574b3397774a455a5594c8cb12ae73f1465ae7a (this sample)
    Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment

Comments