MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 806739222ffaed70608883fc8f825a1a6550b071946fe370e63dff0f50dd640e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SHA256 hash: 806739222ffaed70608883fc8f825a1a6550b071946fe370e63dff0f50dd640e
SHA3-384 hash: 8ec682f2ebf1ff26c0817af4728854a576e00aa1499577df57b6e9afd4fe94861090d939219576be4c09290eff19ff86
SHA1 hash: 18001149ab9cac574b43ae64646600eca00ac0bf
MD5 hash: c56a303609aed297daeaa2168d7d3ff5
humanhash: purple-ten-nineteen-social
File name: Bank account swift.exe
Signature: AgentTesla
File size: 431'616 bytes
First seen: 2020-06-30 17:53:50 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744
ssdeep: 12288:OfNl+cfwvKCR9xv+mgzuG13EuOPDUl55:OfNl+NvLvNGJEuOQlL
TLSH: 459402B13369572ADAFA87B4247008540FF6653FB120D32D1E8169CE49B7F8086A5FA7
Reporter: @abuse_ch
Tags: AgentTesla exe

Malspam distributing AgentTesla:

Sending IP:
From: bank of china<>
Subject: Bank account swift
Attachment: Bank account swift.pdf.rar (contains "Bank account swift.exe")


Mail intelligence
Trap location: Global
Impact: Low

# of uploads: 1
# of downloads: 35
Origin country: FR
CAPE Sandbox: Gathering data
CERT.PL MWDB: Detection: n/a
ReversingLabs:
  Status: Malicious
  Threat name: ByteCode-MSIL.Trojan.Androm
  First seen: 2020-06-30 17:55:05 UTC
  AV detection: 21 of 31 (67.74%)
  Threat level: 5/5
Spamhaus Hash Blocklist: Suspicious file
Hatching Triage:
  Score: 10/10
  Malware Family: agenttesla
  Tags: spyware keylogger trojan stealer family:agenttesla
VirusTotal: Virustotal results 23.29%

File information

The table below shows additional information about this malware sample such as delivery method and external references.



Executable exe: 806739222ffaed70608883fc8f825a1a6550b071946fe370e63dff0f50dd640e (this sample)

Dropped by: MD5 e61c94352dec607bb4d1010543f26528
Delivery method: Distributed via e-mail attachment