MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a79e99e54aae909f8a17492ae1f47ffd44c0e94b5a62dc54df3743f7860843f7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a79e99e54aae909f8a17492ae1f47ffd44c0e94b5a62dc54df3743f7860843f7
SHA3-384 hash: 4a0109e6b19cbca254b8c940ac2566d07d2544811f01a3bb3c67315fd93da5b0e9de194e5fb5c0fcf961693201f203bb
SHA1 hash: 5a92d5a179cb27b705c208ca2bff106332146d1d
MD5 hash: 010988ae72bfee7a0188c682343657ea
humanhash: pennsylvania-jersey-music-iowa
File name:Ticari Hesap Özetiniz.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:516'975 bytes
First seen:2020-08-27 08:42:11 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:zpkN22kkMa2EaetknCuEv7B8CO8R/t1AGBN5e6xSBeCQRyI:zpPT07anCuEvt8XKFKGBN00SsCQAI
TLSH AEB4233C5319646E81DC9D153B8F09B8E6E76174E33407F98458230CA6EA431EEA6E5E
Reporter abuse_ch
Tags:AgentTesla geo rar TUR


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: ns3022570.ip-51-254-199.eu
Sending IP: 51.254.199.53
From: Akbank Ticari Bankacılık <ticaribankacilik@bilgi.akbank.com>
Subject: AĞUSTOS 2020 Ticari Hesap Özetiniz (Ref:1353878463)
Attachment: Ticari Hesap Özetiniz.rar (contains "Ticari Hesap Özetiniz.exe")

AgentTesla SMTP exfil server:
mail.pkstyles.pk:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
73
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a79e99e54aae909f8a17492ae1f47ffd44c0e94b5a62dc54df3743f7860843f7/
Threat name:
Win32.Trojan.Pwsx
Create hunting rule
Status:
Malicious
First seen:
2020-08-27 08:44:05 UTC
AV detection:
4 of 48 (8.33%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=u6pjtzkkv2ij7cqxjevod5d77vcmb2klljrnyvg7g5b7pbqiip3q._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/a79e99e54aae909f8a17492ae1f47ffd44c0e94b5a62dc54df3743f7860843f7

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar a79e99e54aae909f8a17492ae1f47ffd44c0e94b5a62dc54df3743f7860843f7

(this sample)

AgentTesla

Executable exe b0813d378a8beb9c5ffa76eff2a030482a0b1b8a011b455db9186de4508b3ece

  
Dropping
MD5 d51aa4227cefe1c1f5fac57712d9ff5a
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 b0813d378a8beb9c5ffa76eff2a030482a0b1b8a011b455db9186de4508b3ece

Comments