MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f130601a8cfa106b2a97dd78afcaff7a68d043461b4d73ae3e03650bbf623c4f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f130601a8cfa106b2a97dd78afcaff7a68d043461b4d73ae3e03650bbf623c4f
SHA3-384 hash: 8ac09db27a5a8ebb3ee64f935df1d03aef07f4a868aaedc31f1048fc9781fd44cd33eaaf45364f513e10df261862ba69
SHA1 hash: fe69f614c822a07bda837a124b6a350200e8a5a4
MD5 hash: 8b91f47960b230a21df8290cd7263092
humanhash: queen-wisconsin-early-yellow
File name:PASS-CODE.R00
Download: download sample
Signature AgentTesla
Create hunting rule
File size:305'507 bytes
First seen:2020-05-21 07:13:48 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:WQe/ScWZ34Rq0tpW4lN3UnHa940cwmwOJxGzyANHcP:WQe1q34RdtpW4l+nHa9Sw1OTG9NO
TLSH D85423AC251C770A2218E95D1BF5C3F13EB7327F296F6D2F2A181AA399D9D31152070B
Reporter abuse_ch
Tags:AgentTesla HSBC r00


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: 42927835.securefastserver.com
Sending IP: 94.177.123.148
From: HSBC Advising Service <AdvicesMY@sc.com>
Reply-To: HSBC | BANK <adamul85@yahoo.com>
Subject: Payment Advice - Ref: HSBC99002992/16052020
Attachment: PASS-CODE.R00 (contains "PASS-CODE.exe")

AgentTesla SMTP exfil server:
premium49.web-hosting.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
73
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-21 07:53:24 UTC
AV detection:
24 of 48 (50.00%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=6eygagum7iigwkux3v4k7sx7pjunaq2gdngxhlr6ansqxp3chrhq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip f130601a8cfa106b2a97dd78afcaff7a68d043461b4d73ae3e03650bbf623c4f

(this sample)

AgentTesla

Executable exe eaf4c8184915128c46df83bb5a48c6f06bf4f402bb48f17f5f5076149bb62e8e

  
Dropping
MD5 1db3b0187b73aeb5920fdd9b174040cf
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 eaf4c8184915128c46df83bb5a48c6f06bf4f402bb48f17f5f5076149bb62e8e

Comments