MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3b3a509fada9d3a1222d0d0f95e1f3b2f107ba2078c95dcede6173d8b21c52cb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3b3a509fada9d3a1222d0d0f95e1f3b2f107ba2078c95dcede6173d8b21c52cb
SHA3-384 hash: 9094073b82f387097252cd2172d92322c9997a59807fb837a48d53215196fe2db24b6ac0df11434c5581ae2596055aac
SHA1 hash: 4cfa64e5dd4c8236e0f2f89d76edf66a63cf77a9
MD5 hash: 18d3c56f0f8db27ab2c076f11c79bd49
humanhash: red-east-foxtrot-cat
File name:Payment Copy.pdf.z
Download: download sample
Signature AgentTesla
Create hunting rule
File size:419'090 bytes
First seen:2020-06-16 15:29:29 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:uHNP8/c/248Tnm5Abp8VyONdlO/JkEnZLI4:J/U2NnEecxbiJg4
TLSH FF9423D5AD9F1D753BAB466345452F1A342612A68E8CCB2BF4333737ACC211ACC6B474
Reporter abuse_ch
Tags:AgentTesla HSBC z


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: sc.com
Sending IP: 95.211.208.50
From: HSBC Global Payments and Cash Management <fbaraza@sc.com>
Subject: FW: Global Payments and Cash Management HSBC
Attachment: Payment Copy.pdf.z (contains "Payment Copy.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
64
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.21237.ZipHeur.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-06-16 15:31:03 UTC
AV detection:
22 of 48 (45.83%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=hm5fbh5nvhj2cirnbuhzlyptwlyqporapdev3tw6mfz5rmq4klfq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 3b3a509fada9d3a1222d0d0f95e1f3b2f107ba2078c95dcede6173d8b21c52cb

(this sample)

AgentTesla

Executable exe 0b43d1a92167c5579fcf6143418d0195b36be0bd7eaf8ce644d3ba344dd92936

  
Dropping
MD5 6be41600e1ac87f09c86fbf87a00a31d
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 0b43d1a92167c5579fcf6143418d0195b36be0bd7eaf8ce644d3ba344dd92936

Comments