MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c8be92fe9f65e4afae5a7e030ce82e7646f1d326f7c38339dfe802ba96685496. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3



SHA256 hash: c8be92fe9f65e4afae5a7e030ce82e7646f1d326f7c38339dfe802ba96685496
SHA3-384 hash: 82d2d7a9b29742b5c97acb42de532f446188cd7368974244c8bef83955bcc79d944e3b3ab6c395afcb0e6a2220616590
SHA1 hash: 604d8b71c0a8aa268705c8e94b909703739543be
MD5 hash: 4b4b4f1c153c00b6cce1ca3a2f264310
humanhash: papa-double-social-princess
File name: SWIFTTRM76EWDS.lzh
Signature: AgentTesla
File size: 374'484 bytes
First seen: 2020-06-30 06:30:09 UTC
Last seen: 2020-06-30 10:41:33 UTC
File type: rar
MIME type: application/x-rar
ssdeep: 6144:fmCwEjUxyciGSRHjhjnh+bhRRt1GSO7rgb7Z3UvBrickWQqLj1NwUpu6:OCrjii/jlnO31GSO7rgbpUvdicWioUp/
TLSH: D0842347FCEC21A5394E91B3C49FBBDB9578C932D98E58B76681A7CA6D8C810B17081C
Reporter: abuse_ch
Tags: AgentTesla HSBC lzh


abuse_ch
Malspam distributing AgentTesla:

HELO: sitc.vn
Sending IP: 192.119.71.157
From: "HSBC" <admin.hph@sitc.vn>
Reply-To: "HSBC" <saleslon@allimond.com>
Subject: SWIFT COPY: "Our Ref : PCX-062020-026480", Datum: 30.06.2020.
Attachment: SWIFTTRM76EWDS.lzh (contains "TRM76EWDS.com")

AgentTesla SMTP exfil server:
mail.privateemail.com:587
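
The comment above lists the SMTP and attachment indicators of this campaign. As an added example (not MalwareBazaar's or abuse_ch's code), the Python below encodes them as mail-gateway triage checks: a Reply-To domain that differs from the From domain, a brand display name ("HSBC") on an unrelated sender domain, an archive whose extension disagrees with its magic bytes (the entry records file type rar for a file named .lzh), and an executable member (.com) inside the archive. The header dictionary and the RAR leading bytes are constructed test data, not the actual sample; the HELO check is an exact-match simplification.

```python
"""Triage checks for the malspam in the abuse_ch comment above.

Added example, not MalwareBazaar's own code. It takes the header fields and
attachment facts listed in the entry (constructed here as test data) and
returns the findings a mail-gateway rule would raise.
"""
import os
from email.utils import parseaddr

# Constructed from the header fields quoted in the comment above.
SAMPLE_HEADERS = {
    "HELO": "sitc.vn",
    "Sending-IP": "192.119.71.157",
    "From": '"HSBC" <admin.hph@sitc.vn>',
    "Reply-To": '"HSBC" <saleslon@allimond.com>',
    "Subject": 'SWIFT COPY: "Our Ref : PCX-062020-026480", Datum: 30.06.2020.',
}
ATTACHMENT_NAME = "SWIFTTRM76EWDS.lzh"   # attachment name from the entry
MEMBER_NAMES = ["TRM76EWDS.com"]         # member the comment says it contains

# Constructed leading bytes: a RAR4 signature. The entry records the file type
# as "rar" even though the name ends in ".lzh"; the real sample is not embedded.
ATTACHMENT_HEAD = b"Rar!\x1a\x07\x00" + b"\x00" * 9

RAR4_MAGIC = b"Rar!\x1a\x07\x00"        # RAR 1.5-4.x signature
RAR5_MAGIC = b"Rar!\x1a\x07\x01\x00"    # RAR 5.x signature
EXECUTABLE_EXTS = {".com", ".exe", ".scr", ".pif", ".bat", ".cmd", ".js", ".vbs"}


def domain_of(addr: str) -> str:
    """Return the lowercase domain of an RFC 5322 address ("HSBC" <a@b> -> b)."""
    return parseaddr(addr)[1].rpartition("@")[2].lower()


def sniff_archive(head: bytes) -> str:
    """Classify an archive by its leading bytes rather than by file extension."""
    if head.startswith(RAR4_MAGIC) or head.startswith(RAR5_MAGIC):
        return "rar"
    # LHA/LZH headers carry a method id such as "-lh5-" at offset 2.
    if len(head) >= 7 and head[2:5] == b"-lh" and head[6:7] == b"-":
        return "lzh"
    return "unknown"


def triage(headers, attachment_name, attachment_head, member_names):
    """Return (code, detail) findings for one message."""
    findings = []
    from_dom = domain_of(headers["From"])
    reply_dom = domain_of(headers.get("Reply-To", headers["From"]))
    if reply_dom != from_dom:
        findings.append(("reply_to_mismatch", f"From {from_dom}, Reply-To {reply_dom}"))

    # Heuristic: a brand in the display name that is absent from the sender
    # domain ("HSBC" sent from sitc.vn) is the classic display-name spoof.
    brand = "".join(ch for ch in parseaddr(headers["From"])[0].lower() if ch.isalnum())
    if brand and brand not in from_dom.replace(".", ""):
        findings.append(("brand_spoof", f"display name {brand!r} not in {from_dom}"))

    # Simplification: HELO is compared for exact equality with the From domain.
    helo = headers.get("HELO", "").lower()
    if helo and helo != from_dom:
        findings.append(("helo_mismatch", f"HELO {helo}, From {from_dom}"))

    # Content-based type (magic bytes) versus the extension the attacker chose.
    ext = os.path.splitext(attachment_name)[1].lower()
    kind = sniff_archive(attachment_head)
    if kind != "unknown" and ext != "." + kind:
        findings.append(("extension_mismatch", f"{attachment_name} is a {kind} archive"))

    for member in member_names:
        if os.path.splitext(member)[1].lower() in EXECUTABLE_EXTS:
            findings.append(("executable_in_archive", member))
    return findings


if __name__ == "__main__":
    for code, detail in triage(SAMPLE_HEADERS, ATTACHMENT_NAME, ATTACHMENT_HEAD, MEMBER_NAMES):
        print(f"{code}: {detail}")
```

Run against the constructed data it raises four findings (Reply-To mismatch, brand spoof, extension mismatch, executable in archive) and no HELO finding, since the HELO and From domains in this campaign agree.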

Intelligence


File Origin
# of uploads: 2
# of downloads: 75
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Backdoor.NanoCore
Status: Malicious
First seen: 2020-06-30 06:32:05 UTC
AV detection: 15 of 29 (51.72%)
Threat level: 5/5
Note that the vendor's family label (NanoCore) differs from the MalwareBazaar signature for this entry (AgentTesla); the entry does not reconcile the two.
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample, such as delivery method and external references.

Delivery: Malspam
Malware family: AgentTesla
Relationship: rar c8be92fe9f65e4afae5a7e030ce82e7646f1d326f7c38339dfe802ba96685496 (this sample) -> dropping -> AgentTesla
Delivery method: Distributed via e-mail attachment

Comments