MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d1038a7fba14669da250c56695fa37ff7f435a523e1ea22116531eb9e44e16d7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla
Vendor detections: 3



SHA256 hash: d1038a7fba14669da250c56695fa37ff7f435a523e1ea22116531eb9e44e16d7
SHA3-384 hash: d52a60c8f619a898d944a648b4ff76055aa42ba5cb947eb60aa44f8266b21f39ee7cf850ee4480a1a8cc71cbc2a69149
SHA1 hash: 545cca1b0b960235d884abe3fb5a1b5b6a94d778
MD5 hash: 9d1775d7431d2619bd5ee7d74a1d024b
humanhash: king-winner-nebraska-michigan
File name: 0020203849.gz
Signature: AgentTesla
File size: 592'189 bytes
First seen: 2020-04-30 07:48:55 UTC
Last seen: 2020-04-30 09:53:19 UTC
File type: gz
MIME type: application/x-rar
ssdeep: 12288:uTkfvxTrIhNc7IVgOZgEou0K9E1Ee1FHAEmLREYOrSlZyfKWpv:u4h/IC6iEF0OE1EamK5rEZyiWR
TLSH: E4C42375C31B3B3CAE62FC096B8E6107BF9231D24205471F65B842DF276DB601A68A76
Reporter: abuse_ch
Tags: AgentTesla gz HSBC


abuse_ch
Malspam distributing AgentTesla:

HELO: mail.hsbcnet.hsbc.com
Sending IP: 103.207.38.155
From: HSBC Advising Service <advising.service.105399952.810805.2680324820@mail.hsbcnet.hsbc.com>
Reply-To: HSBC Advising Service <secorintal1@gmail.com>
Subject: Payment Advice - Advice Ref:[GLV124182676] / ACH credits / Customer Ref:[100000265388] / Second Party Ref:[KW05200000032220]
Attachment: 0020203849.gz (contains "0020203849.exe")
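
The header pattern in the report above (a bank-branded From, a free-mail Reply-To, and a .gz attachment that holds an .exe), together with the entry's file type of gz listed beside a MIME type of application/x-rar, can be checked mechanically at the mail gateway. The following Python is an added example, not MalwareBazaar's or abuse.ch's code: the message it parses and the gzip stream wrapping an "MZ" stub are constructed here (not the real 0020203849.exe), and the three magic signatures it knows are an assumption standing in for a real file-type library.

```python
"""Triage of a message shaped like the malspam reported above.

Added example, not MalwareBazaar or abuse.ch code. Everything it inspects is
constructed here: the message, and a gzip stream wrapping a blob that merely
starts with the "MZ" PE magic, not the real 0020203849.exe.
"""
import gzip
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Leading magic bytes for the container formats checked here (assumption:
# these three signatures suffice for triage; a real pipeline would use libmagic).
MAGIC = {
    b"\x1f\x8b": "gzip",
    b"Rar!\x1a\x07": "rar",
    b"PK\x03\x04": "zip",
}
EXT_TO_TYPE = {"gz": "gzip", "tgz": "gzip", "rar": "rar", "zip": "zip"}


def sniff(data: bytes) -> str:
    """Return the container type implied by the first bytes, or 'unknown'."""
    for magic, name in MAGIC.items():
        if data.startswith(magic):
            return name
    return "unknown"


def header_domain(msg: EmailMessage, name: str) -> str:
    """Domain of the first address in an address header, '' if absent."""
    hdr = msg[name]
    addrs = getattr(hdr, "addresses", ())
    return addrs[0].domain.lower() if addrs else ""


def triage(raw: bytes) -> list[str]:
    """Return a list of findings for a raw RFC 5322 message."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings = []

    # A Reply-To pointing away from the claimed sender is the classic sign of
    # a spoofed bank notice that wants replies routed to a free-mail box.
    from_dom = header_domain(msg, "From")
    reply_dom = header_domain(msg, "Reply-To")
    if reply_dom and reply_dom != from_dom:
        findings.append(f"reply-to domain {reply_dom} differs from from domain {from_dom}")

    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
        real = sniff(data)

        # The entry above lists file type gz next to MIME type application/x-rar:
        # trust the bytes, not the extension or the declared MIME type.
        expected = EXT_TO_TYPE.get(ext)
        if expected is not None and expected != real:
            findings.append(f"{name}: extension says {ext} but content is {real}")

        # gzip wraps a single stream, so the decompressed data is the file itself.
        if real == "gzip":
            try:
                inner = gzip.decompress(data)
            except OSError:
                findings.append(f"{name}: corrupt gzip stream")
                continue
            if inner.startswith(b"MZ"):
                findings.append(f"{name}: gzip contains a PE executable")
    return findings


def build_sample() -> bytes:
    """Constructed look-alike of the reported message with a harmless payload."""
    fake_exe = b"MZ" + b"\x00" * 62 + b"constructed stand-in, not a real PE"
    msg = EmailMessage()
    msg["From"] = "HSBC Advising Service <advising.service@mail.hsbcnet.hsbc.com>"
    msg["Reply-To"] = "HSBC Advising Service <secorintal1@gmail.com>"
    msg["Subject"] = "Payment Advice - Advice Ref:[GLV124182676]"
    msg.set_content("Please find your payment advice attached.")
    msg.add_attachment(gzip.compress(fake_exe), maintype="application",
                       subtype="gzip", filename="0020203849.gz")
    return msg.as_bytes()


def build_rar_named_gz() -> bytes:
    """Constructed variant: RAR magic under a .gz name, as the entry's MIME type suggests."""
    msg = EmailMessage()
    msg["From"] = "HSBC Advising Service <advising.service@mail.hsbcnet.hsbc.com>"
    msg["Subject"] = "Payment Advice"
    msg.set_content("See attachment.")
    msg.add_attachment(b"Rar!\x1a\x07\x00" + b"\x00" * 16, maintype="application",
                       subtype="x-rar", filename="0020203849.gz")
    return msg.as_bytes()


if __name__ == "__main__":
    for raw in (build_sample(), build_rar_named_gz()):
        for finding in triage(raw):
            print(finding)
```

The From/Reply-To comparison deliberately ignores the HELO name and sending IP shown in the report, since those live in Received headers added by the receiving MTA rather than in the message as the sender composed it; a gateway rule would add SPF and DMARC results for the From domain on top of these checks.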

Intelligence


File Origin
# of uploads: 3
# of downloads: 80
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-04-30 05:23:27 UTC
File Type: Binary (Archive)
Extracted files: 39
AV detection: 18 of 31 (58.06%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  AgentTesla
    gz d1038a7fba14669da250c56695fa37ff7f435a523e1ea22116531eb9e44e16d7 (this sample)
      Dropping: AgentTesla

Delivery method: Distributed via e-mail attachment

Comments