MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ad04786cc4b5330dd661d03192a366212d7fde34fb93c3b0dd9bcc7e773167a8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 3



SHA256 hash: ad04786cc4b5330dd661d03192a366212d7fde34fb93c3b0dd9bcc7e773167a8
SHA3-384 hash: d036322b6f9266d8824a4313e4e460a2f72d8d5923d5da14291c7cd7b5bfe382f5db54dc2845dc768d3c23b04a5116e9
SHA1 hash: 8fbad74c1f90ed7d4d78627a6931391441424d1d
MD5 hash: 7500a9e2af20b855c7eeeb39b44edaf3
humanhash: west-cardinal-oklahoma-louisiana
File name: hesaphareketi001,pdf.xz
Signature: AgentTesla
File size: 252'268 bytes
First seen: 2020-07-09 12:10:22 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:Qor/6xaen5zgdOniLa9b2yXY/ttYSbCEbnfmK+1xr9lsrBt5:5MpNjnho/ttYShnfy+j5
TLSH: 8B342307232C3372E669F07DD2CB559C7AF9EB5B918C4162268BC15811B3E9B1F90C8B
Reporter: abuse_ch
Tags: AgentTesla geo TUR xz


abuse_ch
Malspam distributing AgentTesla:

HELO: ngay7.localdomain
Sending IP: 45.127.62.209
From: ekstre@garantibbva.com.tr
Subject: Hesap hareketleriniz
Attachment: hesaphareketi001,pdf.xz (contains "hesaphareketi001,pdf.exe")

AgentTesla SMTP exfil server:
mail.cappac.com.tr:587

Intelligence

File Origin
# of uploads: 1
# of downloads: 67
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-07-09 12:12:06 UTC
AV detection: 12 of 48 (25.00%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  AgentTesla
    zip ad04786cc4b5330dd661d03192a366212d7fde34fb93c3b0dd9bcc7e773167a8 (this sample)
      Dropping: AgentTesla

Delivery method: Distributed via e-mail attachment

Comments