MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 34fdbebef92d9304100cf5d886535a74a18e38b40f2c127e0d3e6ae6fe1c1ac1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla
Vendor detections: 3

SHA256 hash: 34fdbebef92d9304100cf5d886535a74a18e38b40f2c127e0d3e6ae6fe1c1ac1
SHA3-384 hash: 6aee2115b2dcfa03b826325893c2e27aa66de4ce98188eb638cc909c88df0405242d8523fc5e57fe3da281e4e8cb0eee
SHA1 hash: c75dd46ad8d336c81bef53d9440b5848f984c339
MD5 hash: 518ba78b973b0a32c51e3c6298a534d7
humanhash: mike-skylark-vermont-massachusetts
File name: Facturas Pagadas al Vencimiento.7z
Signature: AgentTesla
File size: 780'504 bytes
First seen: 2020-07-07 08:26:13 UTC
Last seen: Never
File type: 7z
MIME type: application/x-rar
ssdeep: 12288:V0zzSHPNm9s/tSr1IGtY8Wh4yzCstoRYe5AQ+N48ZiZk6qwu5YyTxcGr:V0KHVUOtui8U4yCsqRYg+Bi661u6yTrr
TLSH: 1FF423C21BE867D6AA850E7FE5816C70789709DEB0BB2E391733852C25FF9902275F41
Reporter: abuse_ch
Tags: 7z AgentTesla BBVA ESP geo


abuse_ch
Malspam distributing AgentTesla:

HELO: vxadm-11.srv.cat
Sending IP: 46.16.58.130
From: Confirming.bbva <Confirming.bbva@bbva.com>
Subject: BBVA-Confirming Facturas Pagadas al Vencimiento
Attachment: Facturas Pagadas al Vencimiento.7z (contains "Facturas Pagadas al Vencimiento 2.bat")

AgentTesla SMTP exfil server:
mail.imacdeveracruz.com:587
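The comment above gives everything a mail gateway would need to catch this chain: a HELO host that is not under the spoofed brand's domain, a known sending IP, and an archive attachment whose only member is a .bat. The script below is an added example (not MalwareBazaar's code and not the reporter's) that turns those indicators into a triage heuristic and runs it over two constructed mail records. The IOC values are copied from this page; the Message layout, helper names, sample records and attachment bytes are assumptions made for illustration.

```python
"""Mail-gateway triage heuristic for archive-borne malspam.

Added example, not MalwareBazaar code. Indicator values are copied from
the entry above; the Message record layout, helper names and the two
sample records are constructed for illustration.
"""
import hashlib
from dataclasses import dataclass, field

# Indicators taken from this MalwareBazaar entry and the reporter's comment.
KNOWN_SHA256 = {"34fdbebef92d9304100cf5d886535a74a18e38b40f2c127e0d3e6ae6fe1c1ac1"}
KNOWN_SENDING_IPS = {"46.16.58.130"}

# Container formats and script/binary payload types seen in this delivery chain.
ARCHIVE_EXTS = {".7z", ".rar", ".zip", ".iso", ".img"}
PAYLOAD_EXTS = {".bat", ".cmd", ".vbs", ".vbe", ".js", ".jse", ".wsf", ".ps1", ".exe", ".scr", ".lnk"}


@dataclass
class Message:
    """Fields a gateway would have extracted from one inbound mail (assumed layout)."""
    helo: str
    sending_ip: str
    from_addr: str
    attachment_name: str
    attachment_data: bytes
    archive_members: list = field(default_factory=list)  # member names, if the attachment is an archive


def digests(data: bytes) -> dict:
    """MD5, SHA1, SHA256 and SHA3-384 of a blob: the algorithms MalwareBazaar lists per sample."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def file_ext(name: str) -> str:
    """Lower-cased final extension including the dot, or '' when there is none."""
    name = name.strip().lower()
    return name[name.rfind("."):] if "." in name else ""


def helo_matches_sender(helo: str, from_addr: str) -> bool:
    """True when the HELO host is the From: domain or a host under it."""
    domain = from_addr.rsplit("@", 1)[-1].strip(" >").lower()
    helo = helo.strip().lower()
    return helo == domain or helo.endswith("." + domain)


def triage(msg: Message) -> list:
    """Return human-readable findings; an empty list means no rule fired."""
    findings = []
    if not helo_matches_sender(msg.helo, msg.from_addr):
        findings.append(f"HELO {msg.helo} is not under the From: domain of {msg.from_addr}")
    if msg.sending_ip in KNOWN_SENDING_IPS:
        findings.append(f"sending IP {msg.sending_ip} is a known malspam source")
    if digests(msg.attachment_data)["sha256"] in KNOWN_SHA256:
        findings.append("attachment SHA256 matches a known AgentTesla sample")
    if file_ext(msg.attachment_name) in ARCHIVE_EXTS:
        payloads = [m for m in msg.archive_members if file_ext(m) in PAYLOAD_EXTS]
        if payloads:
            findings.append(f"archive {msg.attachment_name} carries executable content: {payloads}")
    return findings


# Constructed records. The malspam one mirrors the reporter's comment; its
# attachment bytes are a stand-in (real 7z magic, dummy body), so its
# SHA256 will NOT match KNOWN_SHA256 and only the structural rules fire.
MALSPAM = Message(
    helo="vxadm-11.srv.cat",
    sending_ip="46.16.58.130",
    from_addr="Confirming.bbva <Confirming.bbva@bbva.com>",
    attachment_name="Facturas Pagadas al Vencimiento.7z",
    attachment_data=b"7z\xbc\xaf\x27\x1c" + b"\x00" * 64,
    archive_members=["Facturas Pagadas al Vencimiento 2.bat"],
)
BENIGN = Message(
    helo="mx1.example.com",
    sending_ip="203.0.113.10",
    from_addr="billing@example.com",
    attachment_name="invoice-2020-07.pdf",
    attachment_data=b"%PDF-1.4 constructed stand-in",
)

if __name__ == "__main__":
    for label, msg in (("malspam", MALSPAM), ("benign", BENIGN)):
        print(label, triage(msg) or "no findings")
```

Two caveats a practitioner would attach. The HELO rule is a weak signal on its own, since third-party relays legitimately send for brands; the authoritative check is SPF/DKIM/DMARC on the envelope and headers. The hash rule is exact-match only, so a repacked archive evades it, which is why the structural rule (archive containing a script or binary) is there. Listing the members of a real 7z requires a library such as py7zr; here the gateway is assumed to supply the member names.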

Intelligence

File Origin
# of uploads: 1
# of downloads: 87
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Spyware.Negasteal
Status: Malicious
First seen: 2020-07-07 08:28:09 UTC
AV detection: 21 of 29 (72.41%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  AgentTesla
    7z 34fdbebef92d9304100cf5d886535a74a18e38b40f2c127e0d3e6ae6fe1c1ac1 (this sample)
      Dropping: AgentTesla

Delivery method: Distributed via e-mail attachment
