MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 34a8e4ae7107286f0b77c6fd8606a9a7646951d653807af30a73342de87580d3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 6

SHA256 hash: 34a8e4ae7107286f0b77c6fd8606a9a7646951d653807af30a73342de87580d3
SHA3-384 hash: bb7c8da62c9c50283022713172d2277a855af6d929c7c2bb08d030968f7d33bced147d871722f862e65a6057911fe9c6
SHA1 hash: bb0f2c1b3de142501d6a66ff514f4facb351305d
MD5 hash: 4ef48db6bd9e56a4ca8145eeb63e3487
humanhash: uniform-sixteen-spaghetti-pennsylvania
File name: HSBC payment advice EGHKEB0C01725410-T02-pdf.gz
Signature: AgentTesla
File size: 875'770 bytes
First seen: 2021-05-11 12:28:40 UTC
Last seen: 2021-05-11 13:05:38 UTC
File type: gz
MIME type: application/gzip
ssdeep: 12288:HKwuUwHLTPKFpk7RjSPS5XrljrCL/6bUMwJIrdR04Npuo9eAZjmQthAEqCkXxZTZ:qGwHPKF+jdRq/4SIRR0EpTJZjp67bkod
TLSH: 431533680ECB7C09C78163E475B572AEB2DC43C1FBB994D46A4819A0F165E23FBB41C5
Reporter: cocaman
Tags: gz HSBC INVOICE TNT


cocaman
Malicious email (T1566.001)
From: "TNT Express <info@tntexpress.com>" (likely spoofed)
Received: "from ptjasaci.verio.com (unknown [64.150.160.67]) "
Date: "Tue, 11 May 2021 19:26:32 +0700"
Subject: "TNT Import Invoice No : 0191069281 - HAWB No : 11044116911."
Attachment: "HSBC payment advice EGHKEB0C01725410-T02-pdf.gz"

Intelligence


File Origin
# of uploads: 2
# of downloads: 123
Origin country: n/a
Vendor Threat Intelligence

Result
Verdict: MALICIOUS
Threat name: ByteCode-MSIL.Trojan.ZmutzyPong
Status: Malicious
First seen: 2021-05-11 12:29:13 UTC
File Type: Binary (Archive)
Extracted files: 23
AV detection: 14 of 47 (29.79%)
Threat level: 5/5

Result
Malware family: agenttesla
Score: 10/10
Tags: family:agenttesla keylogger spyware stealer trojan
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Enumerates physical storage devices
Suspicious use of SetThreadContext
AgentTesla Payload
AgentTesla
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
AgentTesla
gz 34a8e4ae7107286f0b77c6fd8606a9a7646951d653807af30a73342de87580d3 (this sample)

Delivery method: Distributed via e-mail attachment

Comments