MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bf8c85c3077e36841bd783532d92c6952fb112be5c9d254f9cae7050d4017fb9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla
Vendor detections: 4


SHA256 hash: bf8c85c3077e36841bd783532d92c6952fb112be5c9d254f9cae7050d4017fb9
SHA3-384 hash: 05d033314991151b8d05a7787771bf57f8e1ef1cdcfdab22c95fceb36f3ba170643be9d3879624f77870c59f3ec5af50
SHA1 hash: a2ad6079a5f10a921c44ad2f4ade47eff5c76b24
MD5 hash: d3b0c873b0aabbb6d03be83a655e493a
humanhash: sad-virginia-network-alabama
File name: Account update for your HDFC Bank.gz
Signature: AgentTesla
File size: 502'866 bytes
First seen: 2020-08-13 13:41:59 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 12288:8ocEvYbMQwC1PalR9M/XLvO9D3bP5ms0tIRKVf:07MQt1Sb9M/bALbBOIRKVf
TLSH: 76B4238CAD2D9908C7023C11DEC4D68DE87BAFEEDB29256448D9D7DEAF1B414E9C1231
Reporter: abuse_ch
Tags: AgentTesla, Endurance, gz
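The hashes listed for this entry are what a practitioner verifies after downloading the sample, and the reporter's comment on this entry says the .gz wraps an .exe. A gzip header carries the original file name in its FNAME field (RFC 1952), so that claim can be checked without decompressing, and the payload's PE magic can be checked with a size-capped decompression so a decompression bomb cannot exhaust memory. The Python below is an added example, not code from MalwareBazaar or abuse.ch: the digests are copied from this entry, ssdeep and TLSH are left out because they need third-party libraries, and the gzip it builds is a constructed stand-in (a fake PE stub named like the reported attachment), not the real sample.

```python
import gzip
import hashlib
import io
import zlib

# Digests published on this MalwareBazaar entry (copied from the page).
ENTRY = {
    "sha256": "bf8c85c3077e36841bd783532d92c6952fb112be5c9d254f9cae7050d4017fb9",
    "sha1": "a2ad6079a5f10a921c44ad2f4ade47eff5c76b24",
    "md5": "d3b0c873b0aabbb6d03be83a655e493a",
    "sha3_384": "05d033314991151b8d05a7787771bf57f8e1ef1cdcfdab22c95fceb36f3ba170643be9d3879624f77870c59f3ec5af50",
}

MAX_INNER = 64 * 1024 * 1024  # cap on decompressed bytes; a gzip bomb would exceed this


def compute_hashes(blob: bytes) -> dict:
    """The four digests from the entry that the standard library can compute (ssdeep/TLSH need extra libs)."""
    return {
        "sha256": hashlib.sha256(blob).hexdigest(),
        "sha1": hashlib.sha1(blob).hexdigest(),
        "md5": hashlib.md5(blob).hexdigest(),
        "sha3_384": hashlib.sha3_384(blob).hexdigest(),
    }


def verify_hashes(blob: bytes, expected: dict) -> dict:
    """Map each expected digest name to True when the blob matches it."""
    got = compute_hashes(blob)
    return {name: got[name] == value.lower() for name, value in expected.items()}


def gzip_original_name(blob: bytes):
    """Read the FNAME field from a gzip header (RFC 1952) without decompressing anything."""
    if len(blob) < 10 or blob[:2] != b"\x1f\x8b" or blob[2] != 8:
        raise ValueError("not a gzip (deflate) stream")
    flg = blob[3]
    pos = 10  # fixed header: ID1 ID2 CM FLG MTIME(4) XFL OS
    if flg & 0x04:  # FEXTRA: 2-byte little-endian length, then that many bytes
        xlen = int.from_bytes(blob[pos:pos + 2], "little")
        pos += 2 + xlen
    if flg & 0x08:  # FNAME: zero-terminated ISO-8859-1 string
        end = blob.index(b"\x00", pos)
        return blob[pos:end].decode("latin-1")
    return None


def inspect_gz(blob: bytes) -> dict:
    """Summarise a .gz attachment: embedded name, capped decompressed size, and whether the payload is a PE."""
    name = gzip_original_name(blob)
    d = zlib.decompressobj(16 + zlib.MAX_WBITS)  # 16+ tells zlib to expect a gzip wrapper
    inner = d.decompress(blob, MAX_INNER + 1)  # max_length bounds the output, whatever the stream claims
    truncated = len(inner) > MAX_INNER
    return {
        "original_name": name,
        "inner_size": min(len(inner), MAX_INNER),
        "inner_truncated": truncated,
        "inner_is_pe": inner[:2] == b"MZ",  # DOS/PE magic
        "name_claims_exe": bool(name) and name.lower().endswith(".exe"),
    }


def build_constructed_sample() -> bytes:
    """Constructed stand-in for the attachment: a gzip whose FNAME is the .exe name the reporter gives,
    wrapping a fake PE stub. This is not the malware sample."""
    fake_pe = b"MZ" + bytes(62) + b"PE\x00\x00" + bytes(256)
    buf = io.BytesIO()
    with gzip.GzipFile(filename="Account update for your HDFC Bank.exe", mode="wb", fileobj=buf, mtime=0) as gz:
        gz.write(fake_pe)
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_constructed_sample()
    print(inspect_gz(sample))
    # Against the real download every entry should be True; against the constructed stand-in all are False.
    print(verify_hashes(sample, ENTRY))
```

Against the real download, pass the file bytes to verify_hashes(blob, ENTRY) and inspect_gz(blob); a False digest means the file is not the one catalogued here, and inner_is_pe together with name_claims_exe confirms the "gz containing an .exe" delivery the reporter describes.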


abuse_ch
Malspam distributing AgentTesla:

HELO: qproxy5-pub.mail.unifiedlayer.com
Sending IP: 69.89.21.30
From: HDFC Bank InstaAlerts <finance@catscanterbury.com>
Subject: View: Account update for your HDFC Bank A/c
Attachment: Account update for your HDFC Bank.gz (contains "Account update for your HDFC Bank.exe")

AgentTesla SMTP exfil server:
mail.wingsofmusic.com.au:587

AgentTesla SMTP exfil email address:
seed@wingsofmusic.com.au
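The indicators in the comment split into two kinds: the inbound malspam (relay HELO, sending IP, sender, subject, attachment) and the outbound AgentTesla SMTP exfiltration channel (host, port 587, mailbox). The Python below is an added example of matching both kinds against log lines; it is not abuse.ch code. The log format and the lines it scans are constructed for illustration (the internal and destination IPs are documentation addresses), while the IOC values are the ones listed in the comment.

```python
import re

# Indicators from the reporter's comment on this entry (copied from the page).
IOCS = {
    "sending_ip": "69.89.21.30",
    "helo": "qproxy5-pub.mail.unifiedlayer.com",
    "sender": "finance@catscanterbury.com",
    "subject": "View: Account update for your HDFC Bank A/c",
    "attachment": "Account update for your HDFC Bank.gz",
    "dropped_name": "Account update for your HDFC Bank.exe",
    "exfil_host": "mail.wingsofmusic.com.au",
    "exfil_port": 587,
    "exfil_address": "seed@wingsofmusic.com.au",
}

# Constructed log lines (not real telemetry): an MTA receiving the malspam, then a firewall seeing
# the SMTP exfil connection from an internal host. Hostnames and ports are the page's; the internal
# and destination IPs are documentation addresses chosen for the example.
SAMPLE_LOGS = [
    "mta: connect from qproxy5-pub.mail.unifiedlayer.com[69.89.21.30]",
    'mta: from=<finance@catscanterbury.com> subject="View: Account update for your HDFC Bank A/c" attachment="Account update for your HDFC Bank.gz"',
    "fw: ALLOW TCP 10.0.0.17:51234 -> 203.0.113.9:587 sni=mail.wingsofmusic.com.au",
    "fw: ALLOW TCP 10.0.0.18:51240 -> 198.51.100.4:443 sni=www.example.com",
]

# Anchor the IP so 69.89.21.30 does not match inside 69.89.21.300 or 169.89.21.30.
_IP_RE = re.compile(r"(?<![\d.])" + re.escape(IOCS["sending_ip"]) + r"(?![\d.])")
_EXFIL_PORT_RE = re.compile(r":%d\b" % IOCS["exfil_port"])
_SUBSTRING_IOCS = ("helo", "sender", "attachment", "dropped_name", "exfil_address", "subject")


def match_line(line: str) -> list:
    """Return the names of the IOCs present in one log line (case-insensitive for names and addresses)."""
    low = line.lower()
    hits = []
    if _IP_RE.search(line):
        hits.append("sending_ip")
    for name in _SUBSTRING_IOCS:
        if IOCS[name].lower() in low:
            hits.append(name)
    if IOCS["exfil_host"] in low:
        hits.append("exfil_host")
        if _EXFIL_PORT_RE.search(line):
            hits.append("exfil_smtp")  # host plus submission port: the exfil channel the reporter names
    return hits


def match_iocs(lines) -> list:
    """Scan lines and return (line_number, ioc_name) pairs, 1-based."""
    return [(i, h) for i, line in enumerate(lines, 1) for h in match_line(line)]


def triage(lines) -> dict:
    """Separate 'the lure was delivered' from 'a host is talking to the exfil mailbox'."""
    hits = match_iocs(lines)
    names = {h for _, h in hits}
    return {
        "hits": hits,
        "inbound_malspam": bool(names & {"sender", "subject", "attachment"}),
        # Only the outbound channel implies an infected host; relay HELO/IP can be shared infrastructure.
        "possible_infection": bool(names & {"exfil_smtp", "exfil_address"}),
    }


if __name__ == "__main__":
    for line_no, ioc in match_iocs(SAMPLE_LOGS):
        print(line_no, ioc, IOCS[ioc])
    print(triage(SAMPLE_LOGS))
```

An inbound hit shows the lure reached the mail gateway; the exfil host and port 587, or the seed@ mailbox, seen in outbound traffic is what points at a compromised endpoint. Because the sending relay can be shared hosting, an IP or HELO hit on its own is a triage lead rather than grounds for an automatic block.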

Intelligence


File Origin
Number of uploads: 1
Number of downloads: 63
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Backdoor.NanoCore
Status: Malicious
First seen: 2020-08-13 13:43:05 UTC
AV detection: 17 of 48 (35.42%)
Threat level: 5/5

Note that the vendor's threat name (NanoCore) disagrees with the MalwareBazaar signature and the reporter's classification (AgentTesla). Family labels from automated feeds are heuristic, so confirm the family from the sample's own behaviour (for example the SMTP exfiltration configuration) before acting on it.
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam -> AgentTesla
gz bf8c85c3077e36841bd783532d92c6952fb112be5c9d254f9cae7050d4017fb9 (this sample) -> dropping AgentTesla
Delivery method: Distributed via e-mail attachment

Comments