MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f8731e007958f7c3e9ea279dbf1e655ee6ab425158be0f4bd716efddd0c3c306. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 4


SHA256 hash: f8731e007958f7c3e9ea279dbf1e655ee6ab425158be0f4bd716efddd0c3c306
SHA3-384 hash: 7cb64def4ffc372c566714f7183f1ff9c6f081d536c1710b2796f67e808d1084e9a8b69a2c186770529fb6a7239c5ef8
SHA1 hash: 131454b3dbac331a40e36878b8f28dac89a50e5b
MD5 hash: 11ff23cc702f19731d79c7564aaac09f
humanhash: magnesium-cat-yankee-charlie
File name: SWIFT Transfer(103) 001TRA1210770051.img
Signature: AgentTesla
File size: 1'376'256 bytes
First seen: 2021-03-31 05:55:01 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 24576:7W1JBTMQhCFJpu1AQU4McFdMaKrTqJGTbK:Gn/TUlSX+K
TLSH: AD55E014321A7D91E43A87F140DD1B4263F39B819315D53DBC98D1889FE3AC3BAEAAC5
Reporter: cocaman
Tags: AgentTesla, img, SWIFT

cocaman
Malicious email (T1566.001)
From: "CTBC BANK <customer.service@ctbcbank.co.id>" (likely spoofed)
Received: "from medeortz.co.tz (medeortz.co.tz [196.41.32.157]) "
Date: "Wed, 31 Mar 2021 05:08:13 +0300"
Subject: "CTBC BANK SWIFT COPY"
Attachment: "SWIFT Transfer(103) 001TRA1210770051.img"

Intelligence
File Origin
# of uploads: 1
# of downloads: 87
Origin country: n/a

Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Threat name: Win32.Trojan.GenericML
Status: Malicious
First seen: 2021-03-31 03:32:06 UTC
File Type: Binary (Archive)
Extracted files: 43
AV detection: 4 of 46 (8.70%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information
The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: AgentTesla
img f8731e007958f7c3e9ea279dbf1e655ee6ab425158be0f4bd716efddd0c3c306 (this sample)
Delivery method: Distributed via e-mail attachment
Dropping: AgentTesla

Comments