MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 44b6acdea82b5406972d5136706a22cd96aa61a900cbc7c245c417543f997b5f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3



SHA256 hash: 44b6acdea82b5406972d5136706a22cd96aa61a900cbc7c245c417543f997b5f
SHA3-384 hash: e819832f4e68548641ec1a128d7d7e737f7c14c81156f85bd276939f1a9c307349bc1c29cdbed11e806f73206bc55f4e
SHA1 hash: e57fc4ab3cc1bc6bdf17316a2f65e7f9719e6fc0
MD5 hash: 601474e762501dc74c5a840a130f6810
humanhash: fruit-cola-edward-equal
File name: HSBC TRANSFER PAYMENT SWIFT copy 04-06-2020 .pdf.zip
Signature: AgentTesla
File size: 517'986 bytes
First seen: 2020-06-03 11:23:25 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:Wairmm7fZ3UYJn6KoHhTe4gtE2N/QWTaDMj7WOtXTSLY1:JtCRkSnXoHBeO2p5aDG+LY1
TLSH: 04B4235591C4203EB9B6A8E62E283BA0EFBAB73D5653D468D4685CD4BDC44FEF130C12
Reporter: abuse_ch
Tags: AgentTesla HSBC zip


abuse_ch
Malspam distributing AgentTesla:

HELO: hsbc.com.ar
Sending IP: 103.114.104.116
From: LUCIANA BIDEVICH <maria.l.bidevich@hsbc.com.ar>
Subject: RE: TT PAYMENT CONFIRMATION slip
Attachment: HSBC TRANSFER PAYMENT SWIFT copy 04-06-2020 .pdf.zip (contains "HSBC TRANSFER PAYMENT SWIFT copy 04-06-2020 .pdf.exe")

AgentTesla SMTP exfil server:
mail.jaccontracting.com:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 60
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-06-03 11:37:38 UTC
File Type: Binary (Archive)
Extracted files: 32
AV detection: 23 of 48 (47.92%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 44b6acdea82b5406972d5136706a22cd96aa61a900cbc7c245c417543f997b5f (this sample)

Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
