MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fd3dfbebab26348cdec8bf9ba910d33a57c691b99b97f76531ed9d6c288200c5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fd3dfbebab26348cdec8bf9ba910d33a57c691b99b97f76531ed9d6c288200c5
SHA3-384 hash: 993966d521b0f5b8423b8d19ebd354685f59b00ceb6f182391c308b7306dff5b56b219433a65624b7d557c59d9baac87
SHA1 hash: 9dbb93520352dcc1219a51a642c2cfd95288a781
MD5 hash: f590634240b2a8b7f9d34420f432f573
humanhash: uncle-illinois-coffee-fanta
File name:BA00415Q0123854UOS.Gz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:376'058 bytes
First seen:2020-05-27 18:07:50 UTC
Last seen:Never
File type: gz
MIME type:application/gzip
ssdeep 6144:JpkBYP+W6G5JLcxDEFpCtPGqRpiXyOoeibXpobCI+bcBKAt8LYTJCuIWCTB87pAg:EYp5JLcGPjqziXyOorloWIBHectIzN8x
TLSH 2984237DC792A33CEB25F6D7930919FB5797094240ABCB6D595CE3CA22CB81C6C2B502
Reporter abuse_ch
Tags:AgentTesla BofA geo gz USA


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: cloudhosting.rtarmenia.am
Sending IP: 46.19.96.204
From: Bank of America, N. A. <AdvicesUS@bofa.com>
Subject: Advice from Bank of America
Attachment: BA00415Q0123854UOS.Gz (contains "BA00415Q0123854UOS.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
64
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.BehavesLike.Win32.Generic.fc.28083.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Crysan
Create hunting rule
Status:
Malicious
First seen:
2020-05-27 18:37:52 UTC
AV detection:
19 of 48 (39.58%)
Threat level:
  2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz fd3dfbebab26348cdec8bf9ba910d33a57c691b99b97f76531ed9d6c288200c5

(this sample)

AgentTesla

Executable exe 4f3a1dd374f609e7dd16e27c282c971122e9d8afbb58068a642925ed5a5065ac

  
Dropping
MD5 9105810a764708d7b37bfbff0988276a
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 4f3a1dd374f609e7dd16e27c282c971122e9d8afbb58068a642925ed5a5065ac

Comments