MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c8be92fe9f65e4afae5a7e030ce82e7646f1d326f7c38339dfe802ba96685496. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Intelligence 2 File information 4 Yara Comments

SHA256 hash: c8be92fe9f65e4afae5a7e030ce82e7646f1d326f7c38339dfe802ba96685496
SHA3-384 hash: 82d2d7a9b29742b5c97acb42de532f446188cd7368974244c8bef83955bcc79d944e3b3ab6c395afcb0e6a2220616590
SHA1 hash: 604d8b71c0a8aa268705c8e94b909703739543be
MD5 hash: 4b4b4f1c153c00b6cce1ca3a2f264310
humanhash: papa-double-social-princess
File name:SWIFTTRM76EWDS.lzh
Download: download sample
Signature AgentTesla
File size:374'484 bytes
First seen:2020-06-30 06:30:09 UTC
Last seen:2020-06-30 10:41:33 UTC
File type: rar
MIME type:application/x-rar
ssdeep 6144:fmCwEjUxyciGSRHjhjnh+bhRRt1GSO7rgb7Z3UvBrickWQqLj1NwUpu6:OCrjii/jlnO31GSO7rgbpUvdicWioUp/
TLSH D0842347FCEC21A5394E91B3C49FBBDB9578C932D98E58B76681A7CA6D8C810B17081C
Reporter @abuse_ch
Tags:AgentTesla HSBC lzh


Twitter
@abuse_ch
Malspam distributing AgentTesla:

HELO: sitc.vn
Sending IP: 192.119.71.157
From: "HSBC" <admin.hph@sitc.vn>
Reply-To: "HSBC" <saleslon@allimond.com>
Subject: SWIFT COPY: "Our Ref : PCX-062020-026480", Datum: 30.06.2020.
Attachment: SWIFTTRM76EWDS.lzh (contains "TRM76EWDS.com")

AgentTesla SMTP exfil server:
mail.privateemail.com:587

Intelligence


Mail intelligence
Trap location Impact
IT Italy Low
CH Switzerland Low
Global High
# of uploads 2
# of downloads 29
Origin country FR FR
ClamAV No detection
CERT.PL MWDB Detection:n/a
Link: https://mwdb.cert.pl/sample/c8be92fe9f65e4afae5a7e030ce82e7646f1d326f7c38339dfe802ba96685496/
ReversingLabs :Status:Malicious
Threat name:ByteCode-MSIL.Trojan.Kryptik
First seen:2020-06-30 06:32:05 UTC
AV detection:16 of 31 (51.61%)
Threat level:   5/5
Spamhaus Hash Blocklist :Malicious file
VirusTotal:Virustotal results 4.92%

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar c8be92fe9f65e4afae5a7e030ce82e7646f1d326f7c38339dfe802ba96685496

(this sample)

  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment

Comments