MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 382e72639940eebd653a11fd725e0b549762e6250151c24de3837187aa88a25f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 3



SHA256 hash: 382e72639940eebd653a11fd725e0b549762e6250151c24de3837187aa88a25f
SHA3-384 hash: 12af63f6d3c1154539b0174144265aad0837babd3328a1b8dace867c1e2fed5191fd45936dd8b75081344c5cbee884b5
SHA1 hash: 1c5f5f7ba02a1c865a5683e8f58790919ef98fc0
MD5 hash: 6d20ef5e20cabf92dc12981deb41bb5e
humanhash: mississippi-saturn-utah-floor
File name: Payment Advice Bank of China_PDF.ace
Signature: AgentTesla
File size: 661'772 bytes
First seen: 2020-06-05 10:25:42 UTC
Last seen: Never
File type: ace
MIME type: application/x-rar
ssdeep: 12288:nr7KfsUoa28tCfa14VIqc66pxkg4eUs40UHwg+kj0vMmuGK+/TN4dBowG0+t:r7K0UogQIqz6pxkzJsdUdXizKKN4dBo3
TLSH: 5BE423DE160379BB5F1B998B4973E0EDB3A84B8DE580C5E70CC98855B15443AFE028DB
Reporter: abuse_ch
Tags: ace AgentTesla BOC CHN geo


abuse_ch
Malspam distributing AgentTesla:

HELO: mila.hozzt.com
Sending IP: 176.53.94.106
From: Bank of China (Hong Kong) <transfer@bochk.com>
Subject: Bank of china Payment Transfer Notification (中國銀行付款轉帳通知書)
Attachment: Payment Advice Bank of China_PDF.ace (contains "Payment Advice Bank of China_PDF.exe")

AgentTesla SMTP exfil server:
mail.miryatradingltd.com:587

Intelligence

File Origin
# of uploads: 1
# of downloads: 65
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-06-05 13:22:52 UTC
AV detection: 13 of 48 (27.08%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  AgentTesla
    ace 382e72639940eebd653a11fd725e0b549762e6250151c24de3837187aa88a25f (this sample)

Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
