MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a6b3c3e7a9cb017d7dc5d4d3eda270fd09f8d950e6bf1861e9e3d7b87ebac875. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 4

SHA256 hash: a6b3c3e7a9cb017d7dc5d4d3eda270fd09f8d950e6bf1861e9e3d7b87ebac875
SHA3-384 hash: 4d21ff5d8eec46f05724d4b301a70fbf7006581fafb91807497ebcf3dafb29fc25ae4146f58d307b410548aa3dc2d93e
SHA1 hash: a7df361032c8914aa2f526b8fd09f9ba802806df
MD5 hash: 92c085ba346b7610cf17a27fccd24946
humanhash: dakota-louisiana-hamper-burger
File name: HSBC_pdf.gz
Signature: AgentTesla
File size: 470'005 bytes
First seen: 2020-08-17 13:53:29 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 12288:PfO953VFMuEgbzE0N9xFCZYehOZmrn0QZoGJl1Pwp:niBVvJEO9XCZPOmrnUGX1Ip
TLSH: 68A42375A432B1BDBE8618F263DF62D5EEF2CD408652CC843C0F615EE66BB799885D00
Reporter: abuse_ch
Tags: AgentTesla, gz, HostGator, HSBC


abuse_ch
Malspam distributing AgentTesla:

HELO: gateway31.websitewelcome.com
Sending IP: 192.185.143.39
From: HSBC <paymentroom@hsbc.com>
Subject: Transaction TXT5091102 Successfully Completed
Attachment: HSBC_pdf.gz (contains "HSBC_pdf.exe")

AgentTesla SMTP exfil server:
mail.flood-protection.org:587

Intelligence

File Origin
# of uploads: 1
# of downloads: 61
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Kryptik
Status: Malicious
First seen: 2020-08-17 13:55:08 UTC
AV detection: 14 of 48 (29.17%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample, such as delivery method and external references.

Malspam: AgentTesla, gz a6b3c3e7a9cb017d7dc5d4d3eda270fd09f8d950e6bf1861e9e3d7b87ebac875 (this sample)
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
