MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8db4f32cb21d636a59afa76b553e18802098f117df1940e7f78402218bcb960d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 2



SHA256 hash: 8db4f32cb21d636a59afa76b553e18802098f117df1940e7f78402218bcb960d
SHA3-384 hash: 2895f719f33319f9ef6b76e4c8d47287101a20f2a9651eb9870410836b0d384cf5956e61be39ec98fac46d963d64ecdc
SHA1 hash: e080ebea296dfbf07ca794d32fa84159f0ea1b90
MD5 hash: 5477606574c1ecdc50578aa2ea9df2b4
humanhash: equal-sixteen-enemy-minnesota
File name: Payment Advice_Pdf__________________________________________________________________________________
Signature: AgentTesla
File size: 1'562'624 bytes
First seen: 2020-05-27 06:44:22 UTC
Last seen: Never
File type: iso
MIME type: application/x-iso9660-image
ssdeep: 24576:Ltb20pkaCqT5TBWgNQ7a3NowRdSdzXgr80oyKdDHH4yIFX16A:IVg5tQ7a3NowaNgrtovtHYyU5
TLSH: 6B75DF1363DE8364C3BE5173BA557711AE7B782506A1F8FB2FD8093CA9211211E0E66F
Reporter: abuse_ch
Tags: AgentTesla HSBC


abuse_ch
Malspam distributing AgentTesla:

HELO: etisalat.ae
Sending IP: 172.93.189.149
From: HSBC PAYMENT ADVISING SYSTEM <noreply@etisalat.ae>
Subject: HSBC Beneficiary Payments Advice (COVID-19 IS REAL!! STAY SAFE)
Attachment: Payment Advice_Pdf__________________________________________________________________________________ (contains "Payment Advice_Pdf______________________________________________________________________________________~0.exe")

AgentTesla SMTP exfil server:
smtp.yandex.ru:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 62
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-27 07:17:02 UTC
File Type: Binary (Archive)
Extracted files: 12
AV detection: 15 of 30 (50.00%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

iso 8db4f32cb21d636a59afa76b553e18802098f117df1940e7f78402218bcb960d (this sample)

Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
