MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 683f504b6586f7baede12f57a1ab06869a31ce334303bc17cc21480ae8095bde. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 683f504b6586f7baede12f57a1ab06869a31ce334303bc17cc21480ae8095bde
SHA3-384 hash: 839061e4048684ddd6e3a1dbe9e18bbe777f76f169b036c8afc225e6b500a2fcbe6cfa0d24856a9a65cc25490cac5392
SHA1 hash: 6e5877326b807db98cb35a57b5112a11d04337c6
MD5 hash: c3c6ab7b1892dcb25d6282b409870cc4
humanhash: twelve-zebra-rugby-snake
File name:SWIFT COPY.gz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:431'990 bytes
First seen:2020-04-30 08:56:00 UTC
Last seen:2020-04-30 11:04:03 UTC
File type: gz
MIME type:application/x-rar
ssdeep 6144:/5phbPxtQn6FXjjuz5GHjZ7wUdZ/t3Jb9khN1wGopc2W7+dzUKGuxU7kVlj6zYNw:xAn6UzajZPZdJb6qpvW7KU7gj6zYxc
TLSH 349423DDBAA655067444BF70A21D0D241BBF2605CB79B3A3BDA4701B86E027E43EC787
Reporter abuse_ch
Tags:AgentTesla gz


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: smtp.safemail.it
Sending IP: 147.123.1.124
From: Ghiath Algharaibeh <csd-a351@mst-dealer.com>
Subject: Re: Bank Transfer Slip
Attachment: SWIFT COPY.gz (contains "SWIFT COPY.exe")

Intelligence

File Origin
# of uploads :
2
# of downloads :
80
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Autorun
Create hunting rule
Status:
Malicious
First seen:
2020-04-30 01:21:58 UTC
File Type:
Binary (Archive)
Extracted files:
12
AV detection:
16 of 30 (53.33%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=na7vas3fq333v3pbf5l2dkygq2nddtrtimb3yf6mefeav2ajlppa._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz 683f504b6586f7baede12f57a1ab06869a31ce334303bc17cc21480ae8095bde

(this sample)

AgentTesla

Executable exe f78bf6115eb4acfebf2b8b77992e5fd701a36df9b4b2bb4bf4cdcc75e9112ce1

  
Dropping
MD5 77b8c0c1b1cd401cbfe1ba8e6c86bd0b
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 f78bf6115eb4acfebf2b8b77992e5fd701a36df9b4b2bb4bf4cdcc75e9112ce1

Comments