MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7c114e4fa0d56dda5a7e78fafd87a28b4a32bb8f5ddcf1c5f66d80be21987df1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 3

SHA256 hash: 7c114e4fa0d56dda5a7e78fafd87a28b4a32bb8f5ddcf1c5f66d80be21987df1
SHA3-384 hash: db17817be9462a35b983edd13f9bbc6fa22fd9d919698fffd0e10adff874317eb4f7346de99ac176f48a4539d3cd04b0
SHA1 hash: 2888ea31c378c6c1374e901f9bd8a6821a9ed73a
MD5 hash: 36b92396e9b114b4c1179937a0693e31
humanhash: pennsylvania-william-wolfram-mockingbird
File name: PAYMENT SWIFT COPY . print-out . pdf.zip
Signature: AgentTesla
File size: 392'986 bytes
First seen: 2020-06-12 09:48:18 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:LCaUuebU6BVtKBzVy5prZT1QJe/jKvq13TVANGl7jvGyf4tFfPBTS:51lBadfQJUWvq5T6Kjz4t/e
TLSH: 6784235A892F972EE9EB09764538D0A476BDC0A8770131FEC9CBACA5D7CB14043E06DD
Reporter: abuse_ch
Tags: AgentTesla HSBC zip


abuse_ch
Malspam distributing AgentTesla:

HELO: hsbc.com.ar
Sending IP: 103.141.136.136
From: Nahuel FORTI <nahuel.forti@hsbc.com.ar>
Subject: RE: PAYMENT TRANSFER STATEMENT
Attachment: PAYMENT SWIFT COPY . print-out . pdf.zip (contains "PAYMENT SWIFT COPY . print-out . pdf.exe")

AgentTesla SMTP exfil server:
mail.aaakuwait.com:587

Intelligence

File Origin
# of uploads: 1
# of downloads: 65
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Wacatac
Status: Malicious
First seen: 2020-06-12 09:50:10 UTC
AV detection: 22 of 31 (70.97%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
AgentTesla
zip 7c114e4fa0d56dda5a7e78fafd87a28b4a32bb8f5ddcf1c5f66d80be21987df1 (this sample)
Dropping: AgentTesla

Delivery method: Distributed via e-mail attachment

Comments