MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 eda7136fc79a38f5ac3548da536ee932d3b1a5be741965a89c08d25aaffc2f43. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: eda7136fc79a38f5ac3548da536ee932d3b1a5be741965a89c08d25aaffc2f43
SHA3-384 hash: d9989bad8e436f478a8838feadf66fcae1f21104566e709ab5e5d87cd02560b98ac5cd974189b02a8dcceec7e16c92f5
SHA1 hash: 38c0fb1da01ee7a99431c1cebe990ee5822f723c
MD5 hash: 880b205ea09a494b7e075c709d8e4d0d
humanhash: oranges-victor-tango-cat
File name:PO 3323__20201506.xls.r00
Download: download sample
Signature AgentTesla
Create hunting rule
File size:416'500 bytes
First seen:2020-06-15 12:22:38 UTC
Last seen:Never
File type: r00
MIME type:application/x-rar
ssdeep 12288:gtNOeEZxT/R/vLzBXWzPtQ1kihzvkPFUUt7u:yNOeEZJ/5vL1+tTODkPO07u
TLSH 1E942329CC2386A1C8CDE0150F8E5FC92B11D9E4D3F505D41AA10F6AACA46F96ECFB5D
Reporter abuse_ch
Tags:AgentTesla geo r00 TUR


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: turkeydalal.com
Sending IP: 156.96.62.213
From: Merve BİNGÖL <info@turkeydalal.com>
Subject: PO# 3323 (BIN GROUP)
Attachment: PO 3323__20201506.xls.r00 (contains "PO# 3323__20201506.xls.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
63
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27363.Rar5Heur.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-06-15 12:24:08 UTC
AV detection:
18 of 48 (37.50%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=5wtrg36hti4pllbvjdnfg3xjglj3djn6oqmwlke4bdjfvl74f5bq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

r00 eda7136fc79a38f5ac3548da536ee932d3b1a5be741965a89c08d25aaffc2f43

(this sample)

AgentTesla

Executable exe 4e1d9e3cb83b44c13a9870d21f59b4eb335167d952a6914583a8a0259d6c16c0

  
Dropping
MD5 2928d38ac0a28d2d9e8164a885823c40
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 4e1d9e3cb83b44c13a9870d21f59b4eb335167d952a6914583a8a0259d6c16c0

Comments