MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 577152a2377a047a68d0886e13f0c1d99b2bb06905f96f5fb2e6c66404cae2aa. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 577152a2377a047a68d0886e13f0c1d99b2bb06905f96f5fb2e6c66404cae2aa
SHA3-384 hash: e1f1af71b8f558a7e4009ca80bbc418789ad139eb6c9b59fc85ebf2a7630f73308167809b604712287b3bbd838fcaf64
SHA1 hash: 35d34216497047c973f36531938572427dcfcf3a
MD5 hash: 004340dfc17d9f92b61887e4c3cb1d84
humanhash: uncle-orange-orange-kentucky
File name:Halkbank,doc.r00
Download: download sample
Signature AgentTesla
Create hunting rule
File size:890'191 bytes
First seen:2020-06-15 12:28:59 UTC
Last seen:Never
File type: r00
MIME type:application/x-rar
ssdeep 24576:n/Q4tsqWNkEHppNMOHc9Oos/B7yPO/6am1w77bLkeFv:YxqWaEHHNlHc9MZiQvm149v
TLSH 1B15335BEEF6F5355E4D1902BB51C9AD5E2C086EC9EA15AEC3528EBB25F3B210130343
Reporter abuse_ch
Tags:AgentTesla geo Halkbank r00 TUR


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: halkbank.com.tr
Sending IP: 156.96.62.213
From: T.HALK bankasi<ekstre@halkbank.com.tr>
Subject: T.HALK BANKASI A.S. 06.15.2020 Hesap Ekstresi
Attachment: Halkbank,doc.r00 (contains "Halkbank,doc.exe")

AgentTesla SMTP exfil server:
mail.skylabelskenya.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
58
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-06-15 12:30:07 UTC
AV detection:
17 of 30 (56.67%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=k5yvfirxpichu2gqrbxbh4gb3gnsxmdjax4w6x5s43dgibgk4kva._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

r00 577152a2377a047a68d0886e13f0c1d99b2bb06905f96f5fb2e6c66404cae2aa

(this sample)

AgentTesla

Executable exe b8313ffec94f8f5386dc5462fd3897249c3146a7b6d11a78c64c30b5e94d54de

  
Dropping
MD5 88e1473bd68ac5393989eb239446004f
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 b8313ffec94f8f5386dc5462fd3897249c3146a7b6d11a78c64c30b5e94d54de

Comments