MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a8a5d56d0c782dbc835dad8664afbcb3292a9ed04ab873b9e5f804b495108e18. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a8a5d56d0c782dbc835dad8664afbcb3292a9ed04ab873b9e5f804b495108e18
SHA3-384 hash: 885b07358185e7e2bf5466767fff2745a4bf9078df506890bdb46fb568684f690b3f4328e5aaf6e9287e8edfe2d543cf
SHA1 hash: 52f60fbfc01c52ac35419cb52c2c7df8839d8f0a
MD5 hash: 73fca7a2321c77e4e28e917c6100ccea
humanhash: friend-delaware-lake-sad
File name:Swift.r00
Download: download sample
Signature AgentTesla
Create hunting rule
File size:641'939 bytes
First seen:2020-07-16 07:55:57 UTC
Last seen:Never
File type: r00
MIME type:application/x-rar
ssdeep 12288:gGzZx1kuXO6dJPec6DPdPtrrwt02FMOVhhm4t5xssgajRVHKotmT:9koPWTdFHgZhm46sTNVHrq
TLSH AED433DDC3B67A730558E3E6EA79A2F0D8515B108C72E5F5E84B14B1D84C83ACAF7086
Reporter abuse_ch
Tags:AgentTesla geo isbank r00 TUR


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: ileti.isbank.com.tr
Sending IP: 45.138.172.58
From: Turkiye Is Bankasi Dosya Transferi <dosyatransferi@ileti.isbank.com.tr>
Reply-To: Turkiye Is Bankasi Dosya Transferi <dosyatransferi@ileti.isbank.com.tr>
Subject: Swift Mesajı
Attachment: Swift.r00 (contains "Swift.exe")

AgentTesla SMTP exfil server:
mail.ashpraskills.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
78
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a8a5d56d0c782dbc835dad8664afbcb3292a9ed04ab873b9e5f804b495108e18/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-07-16 07:57:07 UTC
AV detection:
17 of 29 (58.62%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=vcs5k3impaw3za25vwdgjl54wmusvhwqjk4hhopf7acljfiqryma._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

r00 a8a5d56d0c782dbc835dad8664afbcb3292a9ed04ab873b9e5f804b495108e18

(this sample)

AgentTesla

Executable exe 6783eae69893388f7895a9787ed3c8b429e730d45e8aa3cc1e60aa45f0664bc2

  
Dropping
MD5 de08c2c9360a0034bebf57fcc079f598
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 6783eae69893388f7895a9787ed3c8b429e730d45e8aa3cc1e60aa45f0664bc2

Comments