MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 dd988b13c8f53beb75b2cfe1af636c0293a5c2d504696301184616a821cfaba9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: dd988b13c8f53beb75b2cfe1af636c0293a5c2d504696301184616a821cfaba9
SHA3-384 hash: 677d1749e03edfa31af431fd672e0cdf9360b95638673e5f68d83e5cbaef93c40dc4303daed2dae29bbf5ad311eaa15b
SHA1 hash: 44099af6ea68870a57cf048d8526ae5b8a0524b7
MD5 hash: 35e427e11fd4216dcb459ab924d7f3ee
humanhash: december-football-cup-aspen
File name:Payment_Advice.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:460'967 bytes
First seen:2020-05-06 16:51:46 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:HTPWk04t9P8bNv5yQYWcX0BoTzbFi/AW6hF4IGF:zPWitN8bNAz6oTzwIin
TLSH 4FA423594968C05DEC88812B7ACB0C6198FB8FE5C56901FF1767E1FE4B0D9A60923DF8
Reporter abuse_ch
Tags:AgentTesla HSBC zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mail.hsbcnet.hsbc.com
Sending IP: 103.125.190.223
From: HSBC Advising Service <advising.service.323956208.826228.2830632942@mail.hsbcnet.hsbc.com>
Subject: Payment Advice - Advice Ref:[GLV422955348] / Priority payment / Customer Ref:[4457398364181]
Attachment: Payment_Advice.zip (contains "Payment_Advice.exe")

AgentTesla SMTP exfil server:
mail.tolipgoldenplaza.com:587

AgentTesla SMTP exfil email address:
dir.fb@tolipgoldenplaza.com

Intelligence

File Origin
# of uploads :
1
# of downloads :
80
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.20794.ZipHeur.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Mbt
Create hunting rule
Status:
Malicious
First seen:
2020-05-06 19:28:10 UTC
File Type:
Binary (Archive)
Extracted files:
6
AV detection:
23 of 31 (74.19%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=3wmiwe6i6u56w5nsz7q26y3makj2lqwvaruwgaiyiylkqiopvouq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip dd988b13c8f53beb75b2cfe1af636c0293a5c2d504696301184616a821cfaba9

(this sample)

AgentTesla

Executable exe 011a4b06a1a31fec0e9d5a013b9721f4e30f0ec963d07c42cb1d0e41c30df389

  
Dropping
MD5 e6f94cdf7f585bfcb5dd2579a88a1add
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 011a4b06a1a31fec0e9d5a013b9721f4e30f0ec963d07c42cb1d0e41c30df389

Comments