MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 928ba3dcf6a7205839e9d3ac1b9430fe50c3f81873da5808f34af32c09d0af28. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: AgentTesla
Vendor detections: 3

SHA256 hash: 928ba3dcf6a7205839e9d3ac1b9430fe50c3f81873da5808f34af32c09d0af28
SHA3-384 hash: 2540e3e6f13ffd28d450a20a35e5a7debec05276db94d6646dab0a74630ea817de1fd56139fa20954f78b66a0d2948c8
SHA1 hash: 763fa81dcfe29384f5af379773df9a3992120d5f
MD5 hash: 99547529561810c25a4565aa2b66cdb6
humanhash: freddie-video-mike-east
File name: HSBC Payment Advice_pdf.gz
Signature: AgentTesla
File size: 467'476 bytes
First seen: 2020-07-16 10:03:52 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 12288:OEhal0iAnt4u3BmW3slZVXXtXKhdFfRTL:OwalqtdmWSZyhfZX
TLSH: D2A42309955024FD7B8F478E8B25EDBF7A142098EF631BA0DCA07776470194396FF886
Reporter: abuse_ch
Tags: AgentTesla gz HSBC


abuse_ch
Malspam distributing AgentTesla:

HELO: vmh18397.hosting24.com.au
Sending IP: 103.237.108.115
From: HSBC BANK LIMITED <advising.service@mail.hsbcnet.hsbc.com>
Subject: Payment Copy? - Tips Ref: [MT103] / Payment Priority / Customer Ref: [37035930FS37289]
Attachment: HSBC Payment Advice_pdf.gz (contains "HSBC Payment Advice_pdf.exe")

AgentTesla SMTP exfil server:
mail.flood-protection.org:587

Intelligence

File Origin
# of uploads: 1
# of downloads: 76
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-07-16 10:05:11 UTC
AV detection: 25 of 48 (52.08%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  AgentTesla
    gz 928ba3dcf6a7205839e9d3ac1b9430fe50c3f81873da5808f34af32c09d0af28 (this sample)
      Dropping: AgentTesla

Delivery method: Distributed via e-mail attachment

Comments