MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b054153d4002d59da6df05191786d07e59505ec5d9122cfd510c5e917bc01fcd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 4



SHA256 hash: b054153d4002d59da6df05191786d07e59505ec5d9122cfd510c5e917bc01fcd
SHA3-384 hash: 4ae3ff33578372e61965d18f6298de1514aa38a25c0fab59f1e4c58945fe5a7909e6f72cbd93d033734050a86b368bba
SHA1 hash: a571a4b620d6d3880154e3be6488153ae1b9550c
MD5 hash: be67abd554cddd58004313107deb273b
humanhash: single-harry-mexico-xray
File name: PAYMENT_ADVICE.gz
Signature: AgentTesla
File size: 403'889 bytes
First seen: 2020-07-21 06:39:38 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 12288:OnwzSeiFdpHJrNmewLi7zM0J67Bapom3cZ:qMPEH1sOHM0Q9aD3cZ
TLSH: 47842397057415F4D4E5926620882EDB9A4CD4DE1B0222C4E2BC3AB77FE71DBC7E324A
Reporter: abuse_ch
Tags: AgentTesla gz HSBC


abuse_ch
Malspam distributing AgentTesla:

From: HSBC Advising Service <advising.service.9327620.828655.2857001560@mail.hsbcnet.hsbc.com>
Subject: Payment Advice - Advice Ref:[GLV720841970] / ACH credits / Customer Ref:[9000005614] / Second Party Ref:[] 付款通知書 - 通知書參考編號 Ref:[GLV720841970] / ACH credits / 客戶參考編號:[9000005614] / 第二方參考編號:[]
(English gloss of the Traditional Chinese part of the subject: Payment Advice - Advice Ref:[GLV720841970] / ACH credits / Customer Ref:[9000005614] / Second Party Ref:[])
Attachment: PAYMENT_ADVICE.gz (contains "PAYMENT_ADVICE.exe")

AgentTesla SMTP exfil server:
mail.kinangopdairy.co.ke:587
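The lure described in the comment above is a gzip member whose original-name header field carries an executable name. As an added example, not code from MalwareBazaar or from abuse_ch, the script below triages such an attachment: it parses the gzip header by hand to read the FNAME field (RFC 1952), inflates the member, checks whether the payload is a PE file (MZ header with e_lfanew pointing at the PE signature), and computes the four digests this entry lists so the file can be matched against it. The attachment it triages is constructed inline (a 128-byte MZ/PE stub with no code, gzipped with the name PAYMENT_ADVICE.exe), so it is not the real sample and its hashes will not match; PAGE_SHA256 is copied from the entry only to show the comparison step.

```python
"""Added example (not MalwareBazaar's or abuse_ch's code): triage a gzip
e-mail attachment the way the PAYMENT_ADVICE.gz lure above would be handled."""
import gzip
import hashlib
import io
import struct

# gzip member header flag bits, RFC 1952 section 2.3.1
FTEXT, FHCRC, FEXTRA, FNAME, FCOMMENT = 0x01, 0x02, 0x04, 0x08, 0x10

# SHA256 listed on this MalwareBazaar entry, used only for the comparison below
PAGE_SHA256 = "b054153d4002d59da6df05191786d07e59505ec5d9122cfd510c5e917bc01fcd"


def parse_gzip_header(data: bytes) -> dict:
    """Walk the optional header fields in RFC 1952 order and return them,
    including the original file name stored under FNAME (if any)."""
    if len(data) < 10 or data[:2] != b"\x1f\x8b":
        raise ValueError("not a gzip member: bad magic")
    cm, flg, mtime, xfl, os_id = struct.unpack("<BBIBB", data[2:10])
    if cm != 8:
        raise ValueError(f"unsupported compression method {cm}")
    pos = 10
    if flg & FEXTRA:
        (xlen,) = struct.unpack_from("<H", data, pos)
        pos += 2 + xlen
    name = None
    if flg & FNAME:
        end = data.index(b"\x00", pos)
        name = data[pos:end].decode("latin-1")  # RFC 1952: ISO 8859-1
        pos = end + 1
    if flg & FCOMMENT:
        pos = data.index(b"\x00", pos) + 1
    if flg & FHCRC:
        pos += 2
    return {"flags": flg, "mtime": mtime, "os": os_id,
            "original_name": name, "data_offset": pos}


def is_pe(payload: bytes) -> bool:
    """True when the payload has an MZ DOS header whose e_lfanew points at 'PE\\0\\0'."""
    if len(payload) < 0x40 or payload[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", payload, 0x3C)
    return payload[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def hash_set(data: bytes) -> dict:
    """The four digests the entry lists, so an attachment can be matched to it."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha3_384")}


def triage_attachment(attachment_name: str, blob: bytes) -> dict:
    """Header name, PE check and hashes for a gzip attachment as one triage record."""
    hdr = parse_gzip_header(blob)
    payload = gzip.decompress(blob)
    inner = hdr["original_name"] or ""
    outer_hashes = hash_set(blob)
    return {
        "attachment": attachment_name,
        "inner_name": inner,
        # a "payment advice" archive whose only member is an executable
        "inner_is_executable": inner.lower().endswith((".exe", ".scr", ".pif", ".com")),
        "payload_is_pe": is_pe(payload),
        "payload_size": len(payload),
        "hashes": outer_hashes,
        "payload_hashes": hash_set(payload),
        "matches_entry": outer_hashes["sha256"] == PAGE_SHA256,
    }


def build_fake_attachment() -> bytes:
    """Constructed stand-in, not the real sample: a 128-byte MZ/PE stub with no
    code, gzipped with FNAME='PAYMENT_ADVICE.exe' like the lure described above."""
    stub = bytearray(0x80)
    stub[0:2] = b"MZ"
    struct.pack_into("<I", stub, 0x3C, 0x40)   # e_lfanew -> PE signature
    stub[0x40:0x44] = b"PE\x00\x00"
    buf = io.BytesIO()
    with gzip.GzipFile(filename="PAYMENT_ADVICE.exe", mode="wb",
                       fileobj=buf, mtime=0) as gz:
        gz.write(bytes(stub))
    return buf.getvalue()


if __name__ == "__main__":
    report = triage_attachment("PAYMENT_ADVICE.gz", build_fake_attachment())
    for key, value in report.items():
        print(f"{key}: {value}")
```

The FNAME field is the only place a single-member gzip records the inner file name, which is why a lure can call the archive PAYMENT_ADVICE.gz while the member inside is an .exe; hashing both the outer archive and the inflated payload matters because MalwareBazaar keys this entry on the archive's digest, while vendor detections usually fire on the unpacked executable.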

Intelligence


File Origin
# of uploads: 1
# of downloads: 60
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2020-07-21 06:41:05 UTC
AV detection: 9 of 48 (18.75%)
Threat level: 5/5

File information


The table below shows additional information about this malware sample, such as its delivery method and external references.

Delivery method: Malspam (distributed via e-mail attachment)
Malware family: AgentTesla
Sample: gz b054153d4002d59da6df05191786d07e59505ec5d9122cfd510c5e917bc01fcd (this sample)
Dropping: AgentTesla

Comments