MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3b7e7cbd098cfc235b36b00b28c319fc4087dbd256dc74263d6c99b8d958cd42. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3b7e7cbd098cfc235b36b00b28c319fc4087dbd256dc74263d6c99b8d958cd42
SHA3-384 hash: 04b8f22fccd9408618a14c4233b422ce969985c1895f684a11c9d366b5363087032bbecdebb9892fba14d89de0aa2b72
SHA1 hash: 84a06474f32aa8c17a4fb013fc99824f8526f6b6
MD5 hash: d1ac88d0430b868df7f7c649a170a4aa
humanhash: thirteen-table-black-low
File name:Payment Advice 944095_160720200.r05
Download: download sample
Signature AgentTesla
Create hunting rule
File size:442'492 bytes
First seen:2020-07-27 11:40:54 UTC
Last seen:Never
File type: r05
MIME type:application/x-rar
ssdeep 12288:LOX8K5ymfDa2rNdaZtSdxn8sKjItZje8gJkB:SX8KI6acuZtsn6It1PgJe
TLSH B69423F2C6C5FAE309AE6BBD14A014E31160579647ECF3D3B9C1E8C517D6E4E98138A2
Reporter cocaman
Tags:AgentTesla r05


Avatar
cocaman
Malicious email
From: "HSBC Advising Service" <accounts1@radheatonline.com>
Received: from radheatonline.com (unknown [37.48.85.242])
Date: 27 Jul 2020 11:28:52 -0700
Subject: Payment Advice - Advice Ref:[GLV718758715] / Priority payment / Customer Ref:[944095_160720200]
Attachment: Payment Advice 944095_160720200.r05

Intelligence

File Origin
# of uploads :
1
# of downloads :
85
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Rogue.0hr.20200727-1412.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/3b7e7cbd098cfc235b36b00b28c319fc4087dbd256dc74263d6c99b8d958cd42/
Threat name:
ByteCode-MSIL.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-07-27 10:03:46 UTC
File Type:
Binary (Archive)
Extracted files:
6
AV detection:
23 of 48 (47.92%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=hn7hzpijrt6cgwzwwafsrqyz7raipw6sk3ohijr5nsm3rwkyzvba._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Spyware
Score:
0.70
Link:
https://yomi.yoroi.company/submissions/3b7e7cbd098cfc235b36b00b28c319fc4087dbd256dc74263d6c99b8d958cd42

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

r05 3b7e7cbd098cfc235b36b00b28c319fc4087dbd256dc74263d6c99b8d958cd42

(this sample)

AgentTesla

Executable exe f8bf7f6c4e21b6ceed18ca103b17005d63fc5b381f944543c347591337c6bab7

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 f8bf7f6c4e21b6ceed18ca103b17005d63fc5b381f944543c347591337c6bab7
  
Dropping
AgentTesla

Comments