MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bbb1f2c5ea31f3a1eaef343bc5d307666f97f398e5f417963ed95ca7a909c259. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: bbb1f2c5ea31f3a1eaef343bc5d307666f97f398e5f417963ed95ca7a909c259
SHA3-384 hash: 9fa4939b2d275fd57bfbfe093bd73552095af8d9b8a7c552752bcf6d29098f03ec2e60a9e28d9330277d842f9dda226d
SHA1 hash: 2077d5f29f4b1586800b1161b81a5a7907942859
MD5 hash: e4900e3550beb76183f9b7ecec153c2d
humanhash: purple-louisiana-alaska-coffee
File name:HSBC Payment Advice_pdf.gz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:479'909 bytes
First seen:2020-07-16 07:47:04 UTC
Last seen:Never
File type: gz
MIME type:application/gzip
ssdeep 12288:lqtl3v8djoclLFrIgwUWIqGlzGQ2wPe+/P:l05Edj7L5XWIqGJGQ9Pp
TLSH CDA4234FC56DD7412E590CA9F86C32CB1C342D89134D69738EFA64F9B2AD1A3D41EA38
Reporter cocaman
Tags:AgentTesla gz


Avatar
cocaman
Malicious email
From: HSBC BANK LIMITED <advising.service@mail.hsbcnet.hsbc.com>
Received: from vmh18397.hosting24.com.au (vmh18397.hosting24.com.au [103.237.108.115])
Date: Thu, 16 Jul 2020 17:38:41 +1000
Subject: Payment Copy? - Tips Ref: [MT103] / Payment Priority / Customer Ref:
[37035930FS37289]
Attachment: HSBC Payment Advice_pdf.gz

Intelligence

File Origin
# of uploads :
1
# of downloads :
66
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

Sanesecurity.Malware.27383.GZipHeur.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/bbb1f2c5ea31f3a1eaef343bc5d307666f97f398e5f417963ed95ca7a909c259/
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-07-16 07:49:05 UTC
File Type:
Binary (Archive)
Extracted files:
97
AV detection:
25 of 48 (52.08%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=xoy7frpkghz2d2xpgq54luyhmzxzp44y4x2bpfr63fokpkijyjmq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz bbb1f2c5ea31f3a1eaef343bc5d307666f97f398e5f417963ed95ca7a909c259

(this sample)

AgentTesla

Executable exe 812f79b6a6beba3214cee4b325afb9c5483100aa082bb2e90ea7a6ce835661a0

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 812f79b6a6beba3214cee4b325afb9c5483100aa082bb2e90ea7a6ce835661a0

Comments