MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f3409aa8ad5d4edf7e5f0970a04e4dd6c019b2bb5cf89ba9155a86fe35383db6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 4



SHA256 hash: f3409aa8ad5d4edf7e5f0970a04e4dd6c019b2bb5cf89ba9155a86fe35383db6
SHA3-384 hash: 74546ea15d7d4ada8e3fe1efd265545a8291d33ccc6527b19f8aa0dc1294b8d25cb0e84bca6508e76e3e410a579df957
SHA1 hash: 025403fb861baaa6a7b2000c1c6b7802722eab27
MD5 hash: bd27ba2df54b60e7b22192cd63855699
humanhash: timing-crazy-fish-pluto
File name: Payment Advice_Pdf.z
Signature: AgentTesla
File size: 722'056 bytes
First seen: 2020-10-07 07:48:14 UTC
Last seen: Never
File type: z
MIME type: application/x-rar
ssdeep: 12288:mA9QpnPa2Y8qdVcK//+dFs3I+JjBK41Uz+41OY8nDXobFq7W8TAEOr9m:mAV38qdVt/+dFoF7rYiXsq7W8TAEOrA
TLSH: C4E433C149ADBBD5EF3E7854DE0C3C7FEA344499B8B1D2B110E3214B91B092FA256866
Reporter: cocaman
Tags: AgentTesla z


cocaman
Malicious email (T1566.001)
From: "HSBC BANK <advising.service.300008944.873248.2986720162@mail.hsbcnet.hsbc.com>"
Received: "from lancetti.ro (lancetti-tur.ro [82.77.62.25]) "
Date: "Wed, 07 Oct 2020 08:44:59 +0100"
Subject: "Payment Advice - Advice Ref:[GLV728066501] / ACH credits / Customer Ref:[OCTOBER PAYMENT 3] / Second Party Ref:[INV-098084]"
Attachment: "Payment Advice_Pdf.z"

Intelligence


File Origin
# of uploads: 1
# of downloads: 93
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Ransomware.TeslaCrypt
Status: Malicious
First seen: 2020-10-07 07:50:07 UTC
File Type: Binary (Archive)
Extracted files: 6
AV detection: 18 of 29 (62.07%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam, AgentTesla, z f3409aa8ad5d4edf7e5f0970a04e4dd6c019b2bb5cf89ba9155a86fe35383db6 (this sample)

  
Delivery method: Distributed via e-mail attachment
Dropping: AgentTesla
