MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0ed34891c27b8129c529460a78a8f82b836881fa656d0358b644ada08f54c846. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0ed34891c27b8129c529460a78a8f82b836881fa656d0358b644ada08f54c846
SHA3-384 hash: 39a95d02e468bf2fd0c8dbbd4a512a58b388daf36b72107985dbdf61866a38c9f95b26e3ecf4efb804e2f39dd215768e
SHA1 hash: 2a1947eb5f25d6be0b4f8323eabafd166be041c0
MD5 hash: 746fa39219284ce1ad4f60cff56c7b96
humanhash: beryllium-oklahoma-seventeen-oxygen
File name:Swift_Mesaji.r00
Download: download sample
Signature AgentTesla
Create hunting rule
File size:969'946 bytes
First seen:2020-05-21 15:49:51 UTC
Last seen:Never
File type: r00
MIME type:application/x-rar
ssdeep 24576:noxFXN3bs2xKoPG2X7QAK5fLFlsciUNJ+:n2lZqN5fsciKo
TLSH 2F2533B0D5C93BA4A529453EAC7ADFA3FC8553ED7205E113343929BE84CA806E8581F7
Reporter abuse_ch
Tags:AgentTesla geo r00 TUR ZiraatBank


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: ileti.ziraatbank.com.tr
Sending IP: 45.147.229.227
From: ZIRAAT BANKASI <ziraatbank@ileti.ziraatbank.com.tr>
Reply-To: ZIRAAT BANKASI <ziraatbank@ileti.ziraatbank.com.tr>
Subject: 3500, USD Swift Bildirimi
Attachment: Swift_Mesaji.r00 (contains "Swift_Mesaji.exe")

AgentTesla SMTP exfil server:
mail.dressmartintl.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
73
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Aitinject
Create hunting rule
Status:
Malicious
First seen:
2020-05-22 03:03:04 UTC
File Type:
Binary (Archive)
Extracted files:
27
AV detection:
23 of 48 (47.92%)
Threat level:
  5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

r00 0ed34891c27b8129c529460a78a8f82b836881fa656d0358b644ada08f54c846

(this sample)

AgentTesla

Executable exe 46c6723dba0cf514c72a342d0ed7a53f74b075fb9c2639e48e65ee63bdea4143

  
Dropping
MD5 62f8e29b354a5cfb2b0c897cbb746f32
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 46c6723dba0cf514c72a342d0ed7a53f74b075fb9c2639e48e65ee63bdea4143

Comments