MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ecc349f42b344348b21f8adbb176d894ac685dccc49a745bd6e67e047a972579. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3



SHA256 hash: ecc349f42b344348b21f8adbb176d894ac685dccc49a745bd6e67e047a972579
SHA3-384 hash: 0e8af0d8e1c7e917c30c5701ea24a98a4a1274fc01d37d5eb9ad0aa5d8a22c74e10696ebf7955db5ef16d5135116f784
SHA1 hash: bf7d3cf7772dfb2d32523357fc10be8888797469
MD5 hash: bb1c01cb8e6f90c9ce2b32af14265063
humanhash: massachusetts-lemon-ceiling-xray
File name: Prueba de pago.pdf.gz
Signature: AgentTesla
File size: 375'847 bytes
First seen: 2020-06-19 16:39:04 UTC
Last seen: Never
File type: gz
MIME type: application/x-rar
ssdeep: 6144:8Hx7lBEvBypqFS8ESBsgJckPy0qvQDiBqewgH0wYVmLwE3B+0tQdU/F:wBEvBypqFS+SgJckPtiBqewW0woaJtQe
TLSH: 3A842323A8E54D6077505C7F4299D3D54EC00A1FA6DF9ABAB4B0E0C1954FCE42F690EB
Reporter: abuse_ch
Tags: AgentTesla BBVA ESP geo gz


abuse_ch
Malspam distributing AgentTesla:

HELO: mail.viteltek.com
Sending IP: 104.237.144.27
From: BBVA BANCO <segurosbancomer@bbva.bancomer.com>
Subject: Re: Aprobación de pago BBVA BANCO
Attachment: Prueba de pago.pdf.gz (contains "Prueba de pago.pdf.exe")

AgentTesla SMTP exfil server:
mail.trademaxperu.com:587
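
The lure described in the comment above is a .gz attachment carrying an executable named like a PDF, and this entry's own fields disagree on the container (file type gz, MIME type application/x-rar). The triage script below is an added example, not MalwareBazaar's or abuse.ch's code: it sniffs the container from magic bytes instead of trusting the extension or a single label, reads the member name from the gzip header, flags the double extension and an embedded PE, and checks the HELO host against the From: domain. The two attachments it runs on are constructed stand-ins (a gzip of a fake MZ stub and a blob with RAR magic), not the real sample; the extension lists and the two-label domain comparison are simplifying assumptions.

```python
"""Triage of a malspam attachment like the one in the comment above.

Added example, not MalwareBazaar's or abuse.ch's code. The inputs built in
make_samples() are constructed stand-ins, not the real sample.
"""
import gzip
import io
import struct

# Container magic bytes. The entry lists file type "gz" but MIME type
# "application/x-rar", so the content is sniffed instead of trusting either.
MAGIC = [
    (b"\x1f\x8b", "gzip", "gz"),
    (b"Rar!\x1a\x07\x01\x00", "rar5", "rar"),
    (b"Rar!\x1a\x07\x00", "rar4", "rar"),
]

# Double-extension lure ("Prueba de pago.pdf.exe"): a document-looking name
# that really ends in an executable extension. Lists are illustrative only.
EXEC_EXT = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs", "jar"}
DOC_EXT = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "png"}


def sniff_container(data: bytes):
    """Return (format, expected extension) from magic bytes, or (None, None)."""
    for magic, fmt, ext in MAGIC:
        if data.startswith(magic):
            return fmt, ext
    return None, None


def gzip_member_name(data: bytes):
    """Original file name from the gzip header FNAME field (RFC 1952), if set."""
    flags = data[3]
    pos = 10  # fixed header: ID1 ID2 CM FLG MTIME(4) XFL OS
    if flags & 0x04:  # FEXTRA: 2-byte length followed by the extra field
        xlen = struct.unpack_from("<H", data, pos)[0]
        pos += 2 + xlen
    if flags & 0x08:  # FNAME: zero-terminated latin-1 string
        end = data.index(b"\x00", pos)
        return data[pos:end].decode("latin-1")
    return None


def is_double_extension(name: str) -> bool:
    parts = name.lower().split(".")
    return len(parts) >= 3 and parts[-1] in EXEC_EXT and parts[-2] in DOC_EXT


def triage_attachment(name: str, data: bytes):
    """Return a list of findings for one attachment; empty means nothing flagged."""
    findings = []
    fmt, expected_ext = sniff_container(data)
    ext = name.lower().rsplit(".", 1)[-1] if "." in name else ""
    if fmt and ext != expected_ext:
        findings.append(f"extension .{ext} but content is {fmt}")
    if fmt == "gzip":
        inner_name = gzip_member_name(data)
        if inner_name and is_double_extension(inner_name):
            findings.append(f"double extension inside archive: {inner_name}")
        if gzip.decompress(data)[:2] == b"MZ":
            findings.append("archive contains a PE executable")
    return findings


def triage_headers(helo: str, sender: str):
    """Flag a HELO host outside the From: domain (crude last-two-label compare)."""
    helo_domain = ".".join(helo.lower().split(".")[-2:])
    from_domain = ".".join(sender.lower().split("@")[-1].split(".")[-2:])
    if helo_domain != from_domain:
        return [f"HELO {helo} does not match From: domain {from_domain}"]
    return []


def make_samples():
    """Constructed inputs: a gzip whose member is a fake PE named like a PDF,
    and a blob with RAR magic mislabelled as .gz (the type/MIME disagreement)."""
    fake_pe = b"MZ" + b"\x00" * 62 + b"PE\x00\x00" + b"\x90" * 200
    buf = io.BytesIO()
    with gzip.GzipFile(filename="Prueba de pago.pdf.exe", mode="wb", fileobj=buf) as gz:
        gz.write(fake_pe)
    fake_rar = b"Rar!\x1a\x07\x00" + b"\x00" * 64
    return [("Prueba de pago.pdf.gz", buf.getvalue()),
            ("Prueba de pago.pdf.gz", fake_rar)]


if __name__ == "__main__":
    for name, data in make_samples():
        print(name, triage_attachment(name, data))
    print(triage_headers("mail.viteltek.com", "segurosbancomer@bbva.bancomer.com"))
```

Run it as a script to see the findings for both constructed attachments and for the HELO/From pair quoted in the comment. The gzip FNAME field is read from the raw header on purpose: it is where the inner name "Prueba de pago.pdf.exe" lives, and it can be inspected before anything is decompressed.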

Intelligence


File Origin
# of uploads: 1
# of downloads: 75
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-06-19 17:35:54 UTC
AV detection: 23 of 31 (74.19%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam -> AgentTesla
gz ecc349f42b344348b21f8adbb176d894ac685dccc49a745bd6e67e047a972579 (this sample) -> Dropping -> AgentTesla
Delivery method: Distributed via e-mail attachment
