MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1e73928f0ecf5a51d63a652b61cbedf07b833a2d4a492084da22443cee7bf960. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 5



SHA256 hash: 1e73928f0ecf5a51d63a652b61cbedf07b833a2d4a492084da22443cee7bf960
SHA3-384 hash: bd14ae26ee5d6802f0d79416d827e90b87278bbd8ceb544c37d1f9827b9ccac7b2da2d7169b5b02d42b4ac571ddeaa99
SHA1 hash: 0cd7c2af52e6709d4b17a2260029605d8119d253
MD5 hash: ce0ade3f4ac1896aa4b3bf4e594425df
humanhash: robert-beryllium-fix-mirror
File name: HSBc20210216B1.r15
Signature: AgentTesla
File size: 574'731 bytes
First seen: 2021-04-09 05:30:42 UTC
Last seen: 2021-04-09 05:31:28 UTC
File type: rar
MIME type: application/x-rar
ssdeep: 12288:4A7w1ekegE06PcZSyBAKzk07x1KYQKxwNGYA/HyWaqkE:4A7dvPcZ/AEN7xtxwbmHqw
TLSH: 52C423CFA76960F82C8E3FF30C9A9717EAEC34C13DE0C55159A60A274647C99C897963
Reporter: cocaman
Tags: AgentTesla HSBC r15


cocaman
Malicious email (T1566.001)
From: "pragun@sge.com.np" (likely spoofed)
Received: "from sge.com.np (unknown [185.222.57.157]) "
Date: "08 Apr 2021 15:34:54 -0700"
Subject: "RE:Payment advice for SN 951606"
Attachment: "HSBc20210216B1.r15"

Intelligence


File Origin
# of uploads: 3
# of downloads: 148
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2021-04-08 21:50:40 UTC
File Type: Binary (Archive)
Extracted files: 2
AV detection: 2 of 48 (4.17%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 1e73928f0ecf5a51d63a652b61cbedf07b833a2d4a492084da22443cee7bf960 (this sample)

Delivery method: Distributed via e-mail attachment
Dropping: AgentTesla

Comments