MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 85369e80dea27ddd44ec44e9a4a6392b2c7bbac72b67afba12b99cf52ce08e30. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 85369e80dea27ddd44ec44e9a4a6392b2c7bbac72b67afba12b99cf52ce08e30
SHA3-384 hash: 5402429962e3f011824426c37e159269b0978f24210109adfbb5a8485c53794137b8d85e70b5872d69206d8cb69af1ca
SHA1 hash: 6ffb460d8182f8b62a956d49dc3474fa56690c2b
MD5 hash: 1d6650b3f406ac97ce78f554c32a4656
humanhash: kilo-beryllium-kitten-pizza
File name:Payment_Advice,pdf.z
Download: download sample
Signature AgentTesla
Create hunting rule
File size:390'154 bytes
First seen:2020-06-04 07:21:49 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:W21NZkSa/R3+FFsRqAzFYqzlrYuFDRxRLEk+7S4GEqtnor1KXdETHVhsDbHn1:WoKR3+FeMWlNRFDRx1Ek+P7p1KXdETE1
TLSH 8E842386D806C1D50F1A89832BB78B48F5616E8E1E5A41FDE0FD70335E0FFED64609A6
Reporter abuse_ch
Tags:AgentTesla HSBC z


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: hwsrv-735201.hostwindsdns.com
Sending IP: 104.168.175.183
From: HSBC Advising Service <advising.service.9675976.771724.2434662806@mail.hsbcnet.hsbc.com>
Subject: Payment Advice - Advice Ref:[GLV908109269] / Priority payment / Customer Ref:[UNMATCHED]
Attachment: Payment_Advice,pdf.z (contains "Payment_Advice,pdf.exe")

AgentTesla SMTP exfil server:
smtp.vivaldi.net:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
61
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.MSIL.Kryptik.VFR-1.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.26176.ZipHeur.BadExt.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-06-04 07:37:24 UTC
AV detection:
16 of 48 (33.33%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=qu3j5ag6uj652rhmitu2jjrzfmwhxowhfnt27oqsxgopklharyya._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 85369e80dea27ddd44ec44e9a4a6392b2c7bbac72b67afba12b99cf52ce08e30

(this sample)

AgentTesla

Executable exe 7d3df8018aa35ffa34ccdc69da0bebd7c1061d280a86442ddfc0775a5c2b4ea5

  
Dropping
MD5 a1945aca745981a361df645a90592547
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 7d3df8018aa35ffa34ccdc69da0bebd7c1061d280a86442ddfc0775a5c2b4ea5

Comments