MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 79fe29e35fc9cd34f5ac0f6654ae5e587ac2b532547674820034614b561aa1a6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla
Vendor detections: 3

SHA256 hash: 79fe29e35fc9cd34f5ac0f6654ae5e587ac2b532547674820034614b561aa1a6
SHA3-384 hash: 483e9843ecb50fb9d4e3145ee629382c2bbeed9d6ab30da8abfc2c620001203e9a9420da64794110d2f655e739f7156b
SHA1 hash: 7c91ff9c5f4758da480c9e68563776dceb1be43b
MD5 hash: 236411b9d5cb7afc5dc49d79a0002045
humanhash: carpet-social-venus-golf
File name: Advice Ref GLVA20487187 Priority payment Customer Ref4100195101011820_pdf.rar
Signature: AgentTesla
File size: 362'949 bytes
First seen: 2020-05-14 07:31:22 UTC
Last seen: 2020-05-15 04:42:40 UTC
File type: rar
MIME type: application/x-rar
ssdeep: 6144:1FZOCwHikuYD1oat80q+1B9AXXC5Wir0sZYfFViEecozePkl0W7E4EqSRx:dShdD1Jq2/6gzC9VbeTePklpIYS7
TLSH: 467423955B5362A7E10A45F8EF1EC330AFD2D6C0CAC7AE1DB10CEFE955760329251A0E
Reporter: abuse_ch
Tags: AgentTesla HSBC rar
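Before analysing a download of this sample, it is worth confirming that the bytes on disk are the ones this record describes, and that the declared type (rar) agrees with the magic bytes. The script below is an added example, not MalwareBazaar's own code: it recomputes the four cryptographic hashes listed above (SHA256, SHA3-384, SHA1, MD5) in one pass, sniffs the container type from standard magic prefixes, and compares the result with the entry. The ssdeep and TLSH values are left out because they need the ssdeep / tlsh bindings; the magic table and the comparison logic are this example's own choices.

```python
"""Fingerprint a local file against the MalwareBazaar record above.

Added example, not MalwareBazaar's code.  Recomputes the entry's four
cryptographic hashes, sniffs the container type from magic bytes, and
reports whether the bytes you hold are the ones the record describes."""
import hashlib

# Values copied from the database entry above.
ENTRY = {
    "sha256": "79fe29e35fc9cd34f5ac0f6654ae5e587ac2b532547674820034614b561aa1a6",
    "sha3_384": "483e9843ecb50fb9d4e3145ee629382c2bbeed9d6ab30da8abfc2c620001203e9a9420da64794110d2f655e739f7156b",
    "sha1": "7c91ff9c5f4758da480c9e68563776dceb1be43b",
    "md5": "236411b9d5cb7afc5dc49d79a0002045",
    "file_type": "rar",
}
HASH_NAMES = ("sha256", "sha3_384", "sha1", "md5")

# Well-known magic prefixes for the archive, the PE it carries, and common decoys.
MAGIC = (
    (b"Rar!\x1a\x07\x01\x00", "rar"),  # RAR 5.x
    (b"Rar!\x1a\x07\x00", "rar"),      # RAR 1.5 to 4.x
    (b"PK\x03\x04", "zip"),
    (b"%PDF", "pdf"),
    (b"MZ", "exe"),                    # PE / MS-DOS executable
)


def sniff_type(data: bytes) -> str:
    """Type from leading bytes, 'unknown' if no signature matches."""
    for magic, kind in MAGIC:
        if data.startswith(magic):
            return kind
    return "unknown"


def fingerprint(data: bytes, chunk: int = 1 << 16) -> dict:
    """All entry hashes from a single chunked pass over the data, plus the sniffed type."""
    hashers = {name: hashlib.new(name) for name in HASH_NAMES}
    for off in range(0, len(data), chunk):
        block = data[off:off + chunk]
        for h in hashers.values():
            h.update(block)
    result = {name: h.hexdigest() for name, h in hashers.items()}
    result["file_type"] = sniff_type(data)
    return result


def compare(fp: dict, entry: dict = ENTRY) -> dict:
    """Which entry fields the local bytes match.

    No hash matching means this is not the sample the record describes
    (wrong download, re-archived, truncated).  Hashes matching while the
    sniffed type disagrees with the declared one deserves a second look,
    because the declared extension and the bytes should agree."""
    matched = [n for n in HASH_NAMES if fp[n] == entry[n]]
    return {
        "hash_match": len(matched) == len(HASH_NAMES),
        "matched": matched,
        "type_agrees": fp["file_type"] == entry["file_type"],
    }


if __name__ == "__main__":
    import sys
    with open(sys.argv[1], "rb") as fh:
        fp = fingerprint(fh.read())
    for key, value in fp.items():
        print(f"{key:9} {value}")
    print(compare(fp))
```

Run it as `python fingerprint.py <downloaded-sample>`; a result with `hash_match` false on every field means you are holding something other than the archive this entry describes, which is the first thing to rule out before spending time on analysis.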


abuse_ch
Malspam distributing AgentTesla:

HELO: 45-138-132-30.derakhshanrah.com
Sending IP: 45.138.132.30
From: HSBC Advising Service <advising.service.287064318.748224.2346418742@mail.hsbcnet.hsbc.com>
Reply-To: HSBC Advising Service <soomla6384@yahoo.com>
Subject: FW: SWIFT COPY - Advice Ref: [GLVA20487187]/ Customer Ref!!!
Attachment: Advice Ref GLVA20487187 Priority payment Customer Ref4100195101011820_pdf.rar (contains "Advice Ref GLVA20487187 Priority payment Customer Ref[4100195101011820_pdf.exe")

AgentTesla SMTP exfil server:
premium80.web-hosting.com:587
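The header fields abuse_ch posted above carry several signals that can be checked mechanically on incoming mail: a Reply-To domain (yahoo.com) that disagrees with the From domain (hsbc.com), a HELO hostname outside the sender's domain, and an archive attachment whose name ends in a decoy document suffix (`_pdf.rar`). The script below is an added example, not part of the entry or of abuse_ch's post: it reconstructs a message from the posted header fields (the MIME framing, body text and payload bytes are constructed here) and runs those checks over it. The free-webmail list, the decoy-suffix pattern and the crude base-domain function are this example's assumptions.

```python
"""Header triage for the malspam described in the comment above.

Added example, not part of the MalwareBazaar entry or abuse_ch's post.
SAMPLE is reconstructed from the posted header fields; MIME framing,
body and payload bytes are constructed."""
import re
from email import message_from_string
from email.utils import parseaddr

SAMPLE = """\
Received: from 45-138-132-30.derakhshanrah.com (45-138-132-30.derakhshanrah.com [45.138.132.30])
From: HSBC Advising Service <advising.service.287064318.748224.2346418742@mail.hsbcnet.hsbc.com>
Reply-To: HSBC Advising Service <soomla6384@yahoo.com>
Subject: FW: SWIFT COPY - Advice Ref: [GLVA20487187]/ Customer Ref!!!
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please find the attached SWIFT copy.
--b1
Content-Type: application/x-rar
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Advice Ref GLVA20487187 Priority payment Customer Ref4100195101011820_pdf.rar"

UmFyIRoHAA==
--b1--
"""

# Assumed list; extend it from your own mail telemetry.
FREEMAIL = {"yahoo.com", "gmail.com", "outlook.com", "hotmail.com", "aol.com"}
# Archive whose name carries a document extension right before the real one.
DECOY_RE = re.compile(r"[ _.\-](pdf|docx?|xlsx?|pptx?)\.(rar|zip|7z|ace|iso|img)$", re.I)


def domain_of(header: str) -> str:
    """Lower-cased domain of the first address in a header; '' if none."""
    _, addr = parseaddr(header or "")
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""


def base_domain(domain: str) -> str:
    """Last two labels; crude, but enough for mail.hsbcnet.hsbc.com -> hsbc.com."""
    return ".".join(domain.split(".")[-2:])


def triage(raw: str) -> list:
    """Return the names of the indicators triggered by one RFC 5322 message."""
    msg = message_from_string(raw)
    flags = []
    from_dom = domain_of(msg["From"])
    reply_dom = domain_of(msg["Reply-To"])
    if reply_dom and base_domain(reply_dom) != base_domain(from_dom):
        flags.append("reply-to-domain-mismatch")
        if reply_dom in FREEMAIL:
            flags.append("reply-to-freemail")
    # HELO name is the first token after 'from' in the outermost Received header.
    m = re.search(r"\bfrom\s+(\S+)", msg["Received"] or "")
    if m and from_dom and base_domain(m.group(1).lower()) != base_domain(from_dom):
        flags.append("helo-domain-mismatch")
    for part in msg.walk():
        name = part.get_filename()
        if name and DECOY_RE.search(name):
            flags.append("decoy-document-suffix-on-archive")
    if "!!!" in (msg["Subject"] or ""):
        flags.append("urgency-punctuation")
    return flags


if __name__ == "__main__":
    for flag in triage(SAMPLE):
        print(flag)
```

These are triage signals rather than a verdict: a Reply-To that differs from From is common in legitimate ticketing and notification mail, so weight the combination (brand display name, free-webmail Reply-To, unrelated HELO host, decoy archive name) rather than any single flag. The SMTP exfiltration server noted above (premium80.web-hosting.com:587) belongs on the egress side, as a detection for outbound port 587 connections from hosts that are not mail relays, rather than in the mail filter.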

Intelligence

File Origin
# of uploads: 2
# of downloads: 84
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Genkryptik
Status: Malicious
First seen: 2020-05-14 07:36:50 UTC
File Type: Binary (Archive)
Extracted files: 2
AV detection: 21 of 48 (43.75%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
AgentTesla

rar 79fe29e35fc9cd34f5ac0f6654ae5e587ac2b532547674820034614b561aa1a6 (this sample)
    Dropping AgentTesla

Delivery method: Distributed via e-mail attachment

Comments