MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 657acc899ec3972398774596155c9d6be674be30c035b42e68123d96539af6d5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 657acc899ec3972398774596155c9d6be674be30c035b42e68123d96539af6d5
SHA3-384 hash: f539105eaad91d8efcbaece44a0af3f0f844795f91c10bc64069894380b06da837353fef861d9234c62cff29f6b2e6d5
SHA1 hash: 11b17138c36809a7aee6b54642293cf3df25fb4d
MD5 hash: 11c90978c9a6c98df337da10c2a8039e
humanhash: princess-march-kitten-eight
File name:Swift00634-Payment.receipt.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:962'201 bytes
First seen:2020-05-12 16:29:32 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 24576:31sKKvLwsfmW+Plf6FaAFsJzmCqnDZHROizlfRBBIHzKz:3yKKvUzW5nUzmFDBAQXqU
TLSH AB253308F08527DD6BEA095D0A87B1185B118B2C9DC3CB4FB5EFD9C14CF66B9AB06079
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: srv40.creattiva.cl
Sending IP: 200.35.157.40
From: Standard Bank <no-reply@standardbank.com>
Subject: ADVICE FROM STANDARD CHARTERED BANK - REF:3400032522400020 GERAKAN TEKNIK SDN BHD
Attachment: Swift00634-Payment.receipt.zip (contains "Swift00634-Payment.receipt.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
79
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.AutoIT-3.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.27686.AidExe.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.PSW.Agent.BORA.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-12 16:36:58 UTC
AV detection:
26 of 48 (54.17%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=mv5mzcm6yolshgdxiwlbkxe5npthjprqya23iltici6zmu4263kq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 657acc899ec3972398774596155c9d6be674be30c035b42e68123d96539af6d5

(this sample)

AgentTesla

Executable exe 0cb6d17c8e1872666af107191c97fb8a73c5b3882b7b63b41cd4b166e8f7667e

  
Dropping
MD5 c28eb7718b2e87e55f7b7cfeecd0c18f
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 0cb6d17c8e1872666af107191c97fb8a73c5b3882b7b63b41cd4b166e8f7667e

Comments