MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a035dd7ae1fd3b61ebad42c4da627cba7bf8f71e7a9b3f4ecc3252d4f66e1641. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3



SHA256 hash: a035dd7ae1fd3b61ebad42c4da627cba7bf8f71e7a9b3f4ecc3252d4f66e1641
SHA3-384 hash: 43f863351e5dfedd520a3fe12d0af9f9c1cb2b349f449fb0d17d0f0bc43710bf0ed554b86ce77c633a560c7d4558b35a
SHA1 hash: d75c6dc3b42b1e408656fbfb57bc061d7a280ca8
MD5 hash: 457d889d89895121dca8a1e6e03698a0
humanhash: lactose-sad-wyoming-quiet
File name: Halkbank_Ekstre_7162020_917762.r00
Signature: AgentTesla
File size: 642'164 bytes
First seen: 2020-07-16 08:08:36 UTC
Last seen: Never
File type: r00
MIME type: application/x-rar
ssdeep: 12288:ya3jzalk9XxFsRraD3mF7vnrcTPTVe9WWmR6y7NG9c07f6iOxNxf8N7hcLSBxPvn:ya3MwIo4rITPT09WW66yBG6YfAC7hfPv
TLSH: 2ED42322E3B1C163A5B2CCF5AB17FEF0855F92BFB5536619B489033F64AA5887053C48
Reporter: abuse_ch
Tags: AgentTesla geo Halkbank r00 TUR


abuse_ch
Malspam distributing AgentTesla:

HELO: halkbank.com.tr
Sending IP: 185.193.38.187
From: HALKBANK.E-EKSTRE@halkbank.com.tr
Reply-To: HALKBANK.E-EKSTRE@halkbank.com.tr
Subject: T.HALK BANKASI A.Ş. 16.07.2020 Hesap Ekstresi
Attachment: Halkbank_Ekstre_7162020_917762.r00 (contains "Halkbank_Ekstre_7162020_917762.exe")

AgentTesla SMTP exfil server:
mail.ashpraskills.com:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 73
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-07-16 08:10:09 UTC
AV detection: 13 of 28 (46.43%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

r00 a035dd7ae1fd3b61ebad42c4da627cba7bf8f71e7a9b3f4ecc3252d4f66e1641 (this sample)

Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
