MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cd52f372ba50b822c78991d3861ee3b88c927d2fcb3abd0d255b7d619e43da6e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3



SHA256 hash: cd52f372ba50b822c78991d3861ee3b88c927d2fcb3abd0d255b7d619e43da6e
SHA3-384 hash: d6d9a017f9464cb4a9d2eb81b2e3fd6dbd3ddeb7b747eeb2b74de09cbeae86378ff8059d7c53f7ced4f91ae240266583
SHA1 hash: 4e1b2ef6c0d0798c8bd4c9f03847e3cb5c5cd445
MD5 hash: cfce0c35b91b9b92874a9aaf04b5ec1e
humanhash: jupiter-south-august-asparagus
File name: HSBC USD 44.151.83,.zip
Signature: AgentTesla
File size: 593'021 bytes
First seen: 2020-10-26 10:07:58 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:RDc5LmBvd82LovlXLXlnma63jd2GNneB5u+LfO61gulfASmPDUiRB:R0Ll289XLlma63jd2YnF+Kaluwiv
TLSH: C4C423A7D058C5381B507405F759D09222024B7FEBB77E6ECC93AB998E2241A3BFD2D1
Reporter: abuse_ch
Tags: AgentTesla HSBC zip


abuse_ch
Malspam distributing AgentTesla:

HELO: stock.ovh
Sending IP: 51.178.87.221
From: contact@goprint.tn
Reply-To: fastonefast08@gmail.com
Subject: payment 44.151.83, USD
Attachment: HSBC USD 44.151.83,.zip (contains "HSBC USD 44.151.83,.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 80
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Generic
Status: Suspicious
First seen: 2020-10-25 23:42:58 UTC
AV detection: 7 of 48 (14.58%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip cd52f372ba50b822c78991d3861ee3b88c927d2fcb3abd0d255b7d619e43da6e (this sample)
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment

Comments