MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0ef12ae4a4094671889952272721679e3b294faea98b1ad87bd0b676e6091b60. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3



SHA256 hash: 0ef12ae4a4094671889952272721679e3b294faea98b1ad87bd0b676e6091b60
SHA3-384 hash: f012c5932c2c1aaa5547216a76823f163e79682360d2b29bb78a1ce050360a1640b5c90f39b6da3d9e1fa6f13f053982
SHA1 hash: b9faaa22eed1aba82f88e0a95adc477c153aa0b2
MD5 hash: 903e68b7d5893091919ddb9c604a340e
humanhash: papa-nine-beer-zulu
File name: Sat_Alma_Emri_800000000.img
Signature: AgentTesla
File size: 2'521'088 bytes
First seen: 2020-06-03 10:19:48 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 12288:GKaUDdu6VEt6rOZUmxNimXDlKFLIbsL1swv91SrSlPq2Jwz38OO:lQ6NrO6ibql1swHC2eQX
TLSH: 18C54E27EC418647E02C17FDF8175EB46A6E2705B443ABFE217A4ECE2E0165A1E8713D
Reporter: abuse_ch
Tags: AgentTesla geo img TUR


abuse_ch
Malspam distributing AgentTesla:

HELO: server.engrafik.com
Sending IP: 79.98.129.253
From: Göymen Demir Çelik İnş. Şarkı söyleme <finans@colakoglu.com.tr>
Reply-To: johncarlos9@ifavorsprt.com
Subject: Re:Re:Re:satın alma emri
Attachment: Sat_Alma_Emri_800000000.img (contains "Sat_Alma_Emri_800000000.img.exe")

AgentTesla SMTP exfil server:
ftp.behnazgroup.ir:21

Intelligence


File Origin
# of uploads: 1
# of downloads: 60
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Agensla
Status: Malicious
First seen: 2020-06-03 10:36:25 UTC
File Type: Binary (Archive)
Extracted files: 4
AV detection: 11 of 31 (35.48%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

img 0ef12ae4a4094671889952272721679e3b294faea98b1ad87bd0b676e6091b60 (this sample)

Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment

Comments