MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 092f9a2a73096e5796784561d5a3a667e256437cca61e1d80783aeab7559127b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 092f9a2a73096e5796784561d5a3a667e256437cca61e1d80783aeab7559127b
SHA3-384 hash: c70e56c1d45d96aaac482b2f34a09dfea7a6a15bb7eb58aee5f38e0305c0e02c4db6851563893020a90b58e1e35adf85
SHA1 hash: ab8ecca790b4498949701e4d11a77d66127d82c6
MD5 hash: 5067da6eb5860ccfda9f23e9afb3c3bc
humanhash: stream-louisiana-bluebird-shade
File name:Halkbank_Ekstre_20200619_074852_956489.r00
Download: download sample
Signature AgentTesla
Create hunting rule
File size:410'538 bytes
First seen:2020-06-19 06:52:59 UTC
Last seen:Never
File type: r00
MIME type:application/x-rar
ssdeep 6144:xuSQozwxEtF6Zx9RfAoIGD8XQbVpOBxVM/hkF0IXaTYBJ6FNa0IUDd+8o9+:xuNoz+WazAoIGgXQBbqtqZz3bd+9+
TLSH 909423F484C1A132CEC24E3D860918605AD706DF00DBB60A9E86D4CE56ABC5DDEC6BF7
Reporter abuse_ch
Tags:AgentTesla geo Halkbank r00 TUR


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: halkbank.com.tr
Sending IP: 156.96.45.138
From: HALKBANK.E-EKSTRE@halkbank.com.tr
Subject: T.HALK BANKASI A.S. 19.06.2020 Hesap Ekstresi
Attachment: Halkbank_Ekstre_20200619_074852_956489.r00 (contains "Halkbank_Ekstre_20200619_074852_956489.exe")

AgentTesla SMTP exfil server:
mail.brightpackaging.in:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
68
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-06-19 06:54:08 UTC
AV detection:
16 of 30 (53.33%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=bexzukttbfxfpftyivq5li5gm7rfmq34zjq6dwahqoxkw5kzcj5q._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

r00 092f9a2a73096e5796784561d5a3a667e256437cca61e1d80783aeab7559127b

(this sample)

AgentTesla

Executable exe e7502f73ee5efbc03a4d8b899d1402151191746acf2c96681364d21831a532c3

  
Dropping
MD5 74a6983bac64a4401b1f4719a2765cbb
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 e7502f73ee5efbc03a4d8b899d1402151191746acf2c96681364d21831a532c3

Comments