MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5c6b9bb4b5be56d5737e1f140669ae6b05e7668ea49c5872bf949bcc2dc48a0c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5c6b9bb4b5be56d5737e1f140669ae6b05e7668ea49c5872bf949bcc2dc48a0c
SHA3-384 hash: 99ad6561a267d10dda402a0b179a8d8f176cae4190cdb3b8058f5870bd78872101dfab7c68d89dee5728a1acac9488b6
SHA1 hash: 79a2914fc50959e74fe422b8ebf79bc88acf32ef
MD5 hash: 78b68fac7b99a28c1b530813e8c91f64
humanhash: mockingbird-paris-blue-beer
File name:TT DOCUMENTS.7z
Download: download sample
Signature AgentTesla
Create hunting rule
File size:406'302 bytes
First seen:2020-08-05 14:58:25 UTC
Last seen:Never
File type: 7z
MIME type:application/x-rar
ssdeep 6144:LVb9JVS1Fsp7PdwFQciXNtjm05MV1niLCcF+3C3VdVBsA6y8QT+NgaileRm+:KuPSuciD/MVNiY3C3nVBz6y8qqnir+
TLSH 69842332807CD28E8B6EF7E6E625773C36BC2B3C06C2D9460A056A977854758BD86D43
Reporter abuse_ch
Tags:7z AgentTesla HSBC


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: serve0.allarycorpltd.pw
Sending IP: 104.168.171.19
From: HSBC Advising Service <hsbc@allarycorpltd.pw>
Subject: Payment Advice - Advice Ref:[GLV701467537] / Priority payment / Customer Ref:[7365467357:93]
Attachment: TT DOCUMENTS.7z (contains "TT DOCUMENTS.exe")

AgentTesla SMTP exfil server:
mail.teamlacroce.it:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
76
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/5c6b9bb4b5be56d5737e1f140669ae6b05e7668ea49c5872bf949bcc2dc48a0c/
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=lrvzxnfvxzlnk436d4kam2nonmc6ozuousofq4v7ssn4yloeriga._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/5c6b9bb4b5be56d5737e1f140669ae6b05e7668ea49c5872bf949bcc2dc48a0c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

7z 5c6b9bb4b5be56d5737e1f140669ae6b05e7668ea49c5872bf949bcc2dc48a0c

(this sample)

AgentTesla

Executable exe bf0b665a0ce42c70bc73bd8634339da01d819e8e973ed775b53b612dd9ead1b8

  
Dropping
MD5 0c6e0ba495d43d5bf75dfc146c0250ff
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 bf0b665a0ce42c70bc73bd8634339da01d819e8e973ed775b53b612dd9ead1b8

Comments