MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 78e71180458723803af200657c3e7808c83aee0db67bbbacde8a3821b7ec9063. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 78e71180458723803af200657c3e7808c83aee0db67bbbacde8a3821b7ec9063
SHA3-384 hash: b74719ab55c94fd1cbf4ee86e3245f84a9142f62c5726d17bd3d2d67bf78e25104dd3c2f76e5ed56f5fd0965acb70bdc
SHA1 hash: 0e6a3cbd0039228fe3251695e9fa6d366dc85b31
MD5 hash: 45ca31ae61460320312b469a5650be18
humanhash: kansas-november-snake-uncle
File name:HSBCWE1123.Gz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:960'354 bytes
First seen:2020-12-18 12:11:46 UTC
Last seen:Never
File type: gz
MIME type:application/x-rar
ssdeep 24576:9eWbXefyNaLh2oyMWUC8kbrGqolRDWwzAkurQ:9eEefUaNtC18WXUALc
TLSH 7015335D8011ECBB19B5E27B78DB76637BF96988F0B2CA83D98F10A08E34171C399D45
Reporter cocaman
Tags:AgentTesla gz


Avatar
cocaman
Malicious email (T1566.001)
From: "Jeremy Heseih <uzimpex@sarkor.uz>" (likely spoofed)
Received: "from sarkor.uz (unknown [37.49.225.12]) "
Date: "18 Dec 2020 12:22:35 +0100"
Subject: "Payment advice-BFTI_EFT7602019123014010054_18_760"
Attachment: "HSBCWE1123.Gz"

Intelligence

File Origin
# of uploads :
1
# of downloads :
179
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
SUSPICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/78e71180458723803af200657c3e7808c83aee0db67bbbacde8a3821b7ec9063/
Threat name:
ByteCode-MSIL.Spyware.Noon
Create hunting rule
Status:
Malicious
First seen:
2020-12-18 11:28:28 UTC
File Type:
Binary (Archive)
Extracted files:
41
AV detection:
12 of 29 (41.38%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=pdtrdacfq4ryaoxsabsxyptybdedv3qnwz53xlg6ri4cdn7msbrq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/78e71180458723803af200657c3e7808c83aee0db67bbbacde8a3821b7ec9063

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz 78e71180458723803af200657c3e7808c83aee0db67bbbacde8a3821b7ec9063

(this sample)

AgentTesla

Executable exe 0fdcf2e9b24b61f7772652645c29ab2f0e1368fc3d83dfa6f206a4dae1b21ad6

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 0fdcf2e9b24b61f7772652645c29ab2f0e1368fc3d83dfa6f206a4dae1b21ad6
  
Dropping
AgentTesla

Comments