MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4c2b5eff5d4a6f4e736a6300c3369a6afc5cba9c754f8f5538d38415847698e0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 4

SHA256 hash: 4c2b5eff5d4a6f4e736a6300c3369a6afc5cba9c754f8f5538d38415847698e0
SHA3-384 hash: d9efaa4cfddbf7f3dee9ddb7ae161d1873774634957e2910eb4b75fd040f7ec30764b634cc19a9d37738801c8a199b77
SHA1 hash: 65c678e6f407008e242e7a3bd4dda30178a45ecf
MD5 hash: 80c419bc2a429d1de73c9ebc1328b3eb
humanhash: virginia-magazine-iowa-virginia
File name: TT Copy_pdf.img
Signature: AgentTesla
File size: 1'835'008 bytes
First seen: 2021-04-05 06:32:06 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 12288:Bvi9zIyVW443SZaCv4YbWFyhEt88V5Sz3onFMwsnIBPjj13FzRD70apKEeTUoGzQ:4983bszvdE5Sz4CfnAjTSD/TGPKA
TLSH: AC859BD1ED87D204D8561AF0D82FC15C5662EF086F2DED09698CF3490B72A8ECAD56F2
Reporter: abuse_ch
Tags: AgentTesla HSBC img


abuse_ch
Malspam distributing unidentified malware:

HELO: mail.serversendmail.live
Sending IP: 77.83.172.183
From: HSBC Advising Service <payment-hsbc@serversendmail.live>
Subject: T/T payment Bank slip for Proforma Invoice
Attachment: TT Copy_pdf.img (contains "TT Copy_pdf.scr")

Intelligence


File Origin
# of uploads: 1
# of downloads: 198
Origin country: n/a

Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Threat name: Win32.Trojan.Bulz
Status: Malicious
First seen: 2021-04-05 04:30:41 UTC
AV detection: 7 of 48 (14.58%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  AgentTesla
    img 4c2b5eff5d4a6f4e736a6300c3369a6afc5cba9c754f8f5538d38415847698e0 (this sample)

Delivery method: Distributed via e-mail attachment
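The attachment in this entry is an ISO 9660 disc image (MIME type application/x-iso9660-image; the 1'835'008-byte file size is exactly 896 sectors of 2048 bytes) that wraps a screensaver executable named to look like a PDF. Windows mounts such an image on double-click, and at the time of this sample files opened from a mounted image did not carry the Mark of the Web, so the .scr inside is one click from running. The Python below is an added triage example written for this page, not MalwareBazaar's or abuse_ch's code: it reads the primary volume descriptor and directory records of an image offline (ECMA-119 layout), lists every file, and flags entries whose extension is executable, with a second reason when a document-like token sits in front of that extension. The real sample is not embedded; build_lure_iso() constructs a stand-in image so the example runs stand-alone. The extension and lure-token lists are assumptions, and the parser reads only the primary descriptor, so a name stored solely in a Joliet supplementary descriptor would not be seen.

```python
# Offline triage of an ISO 9660 (.img/.iso) mail attachment. Added example, not
# MalwareBazaar or abuse_ch code; the real sample is not embedded, a stand-in is built below.
import struct

SECTOR = 2048
DIR_FLAG = 0x02
# Extensions Windows runs on double-click (assumption: representative, not exhaustive)
EXEC_EXTS = {"scr", "exe", "com", "pif", "lnk", "bat", "cmd", "vbs", "js",
             "jse", "wsf", "hta", "ps1", "dll", "msi"}
# Document-like tokens attackers put before the real extension (assumption)
LURE_TOKENS = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "png", "txt"}

def _record(data, off):
    """Decode one directory record at byte offset off (ECMA-119 section 9.1 layout)."""
    length, flags, idlen = data[off], data[off + 25], data[off + 32]
    lba = struct.unpack_from("<I", data, off + 2)[0]    # extent start, LE half of both-endian field
    size = struct.unpack_from("<I", data, off + 10)[0]  # extent length in bytes
    return length, lba, size, flags, data[off + 33:off + 33 + idlen]

def _walk(data, lba, size, prefix, out):
    """Append (path, size, lba) for every file under the directory extent at sector lba."""
    off, end = lba * SECTOR, lba * SECTOR + size
    while off < end:
        if data[off] == 0:                  # zero length byte: padding up to the next sector
            off = (off // SECTOR + 1) * SECTOR
            continue
        length, elba, esize, flags, ident = _record(data, off)
        off += length
        if ident in (b"\x00", b"\x01"):     # "." and ".." entries
            continue
        name = ident.decode("ascii", "replace").split(";")[0]  # strip the ";1" version suffix
        if flags & DIR_FLAG:
            _walk(data, elba, esize, prefix + name + "/", out)
        else:
            out.append((prefix + name, esize, elba))

def list_iso9660(data):
    """Return [(path, size, lba)] for every file reachable from the primary volume descriptor."""
    pvd = data[16 * SECTOR:17 * SECTOR]
    if pvd[0:1] != b"\x01" or pvd[1:6] != b"CD001":
        raise ValueError("no ISO 9660 primary volume descriptor at sector 16")
    _, root_lba, root_size, _, _ = _record(pvd, 156)
    out = []
    _walk(data, root_lba, root_size, "", out)
    return out

def triage(data):
    """Return [(path, reasons)] for files a user could launch by double-clicking."""
    flagged = []
    for path, _size, _lba in list_iso9660(data):
        stem, _, ext = path.rsplit("/", 1)[-1].lower().rpartition(".")
        reasons = []
        if ext in EXEC_EXTS:
            reasons.append("executable extension ." + ext)
            if LURE_TOKENS & set(stem.replace("_", ".").split(".")):
                reasons.append("document-like name in front of the real extension")
        if reasons:
            flagged.append((path, reasons))
    return flagged

# Builder for the constructed stand-in image: one root directory, primary descriptor only.
def _both32(v): return struct.pack("<I", v) + struct.pack(">I", v)
def _both16(v): return struct.pack("<H", v) + struct.pack(">H", v)

def _dir_record(ident, lba, size, flags):
    body = (bytes([0]) + _both32(lba) + _both32(size) + bytes(7) + bytes([flags, 0, 0])
            + _both16(1) + bytes([len(ident)]) + ident)
    if len(ident) % 2 == 0:
        body += b"\x00"                     # pad so the record length is even
    return bytes([len(body) + 1]) + body

def build_lure_iso(files):
    """Build a minimal ISO 9660 image from {name: content}; sectors 0-15 are the system area."""
    ROOT = 18                               # 16 = PVD, 17 = set terminator, 18 = root directory
    records = [_dir_record(b"\x00", ROOT, SECTOR, DIR_FLAG),
               _dir_record(b"\x01", ROOT, SECTOR, DIR_FLAG)]
    payload, lba = b"", ROOT + 1
    for name, content in files.items():
        records.append(_dir_record(name.encode("ascii") + b";1", lba, len(content), 0))
        sectors = -(-len(content) // SECTOR)
        payload += content.ljust(sectors * SECTOR, b"\x00")
        lba += sectors
    pvd = bytearray(SECTOR)
    pvd[0], pvd[1:6], pvd[6] = 1, b"CD001", 1
    pvd[40:72] = b"HSBC_PAYMENT".ljust(32)  # volume label (constructed)
    pvd[80:88] = _both32(lba)               # volume space size in sectors
    pvd[120:124], pvd[124:128], pvd[128:132] = _both16(1), _both16(1), _both16(SECTOR)
    pvd[156:190] = records[0]               # root directory record
    term = bytearray(SECTOR)
    term[0], term[1:6], term[6] = 255, b"CD001", 1
    root_dir = b"".join(records).ljust(SECTOR, b"\x00")
    return bytes(16 * SECTOR) + bytes(pvd) + bytes(term) + root_dir + payload

# Constructed stand-in for the attachment: an .scr named like a PDF beside a harmless text file.
SAMPLE_IMG = build_lure_iso({
    "README.TXT": b"Please open the attached bank slip.\r\n",
    "TT_COPY_PDF.SCR": b"MZ" + bytes(510),  # fake DOS header only, not a real binary
})
```

Running triage(SAMPLE_IMG) returns only TT_COPY_PDF.SCR, with both reasons; README.TXT is listed by list_iso9660() but not flagged. To use it on a downloaded sample, pass the raw image bytes (for example the contents of the .img file read in binary mode) instead of SAMPLE_IMG, and treat a ValueError as "not a plain ISO 9660 image", which for a mail attachment is itself worth a look.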

Comments