MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b3d81915764c3b793e5d5da2bcb0d7e693263c91b54627960d14e314f9d3d321. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3



SHA256 hash: b3d81915764c3b793e5d5da2bcb0d7e693263c91b54627960d14e314f9d3d321
SHA3-384 hash: 8900b4064b55d5c77321813bff89270b5cf0bcc5e71d511a26142cc31246e698251c6a36513f0fa56617b256247433ca
SHA1 hash: e94b9509cc4a806cb2da6cae813ecd69af7a6303
MD5 hash: 8729b346bc6b1b19e2e02979b7590d62
humanhash: carbon-october-harry-early
File name: Ziraat Bankasi Swift.bz
Signature: AgentTesla
File size: 1,243,259 bytes
First seen: 2020-05-04 21:19:50 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 24576:Dah0//i7ZYI5yOZ36BDFpdMfljFjltqcTZJ5mpxTqSz0p:G0//i7ZYIfZKHpOpq+ZJIxTlzM
TLSH: 7B4533B2DE9CB91C1DB9D62A664542C5C3D36271AB20DCEB6179A3C34C227DFCEA4D01
Reporter: abuse_ch
Tags: AgentTesla bz geo TUR ZiraatBankasi


abuse_ch
Malspam distributing AgentTesla:

HELO: outsmtp01.sadecehosting.com
Sending IP: 77.92.152.35
From: ZIRAAT BANKASI <ziraatbank@ileti.ziraatbank.com.tr>
Subject: EUR Swift Bildirimi
Attachment: Ziraat Bankasi Swift.bz (contains "Ziraat Bankasi Swift.exe")

AgentTesla SMTP exfil server:
reseller16.webserversystems.com:587
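The detail worth acting on in this entry is that the attachment is named with a .bz extension but MalwareBazaar identifies it as a ZIP archive (File type: zip, MIME type: application/zip) wrapping an .exe. The following Python script, added here as an example and not MalwareBazaar's or abuse.ch's own code, triages an attachment the way a mail gateway or analyst would: it compares the format claimed by the extension with the format implied by the leading bytes, lists archive members that carry a PE "MZ" header or an executable extension, and checks the attachment's SHA256 against a set of known IOC hashes. The archive it inspects is constructed in memory with a placeholder payload, so its hashes will not match the hashes listed on this page; the only value taken from the entry is the SHA256 used as the IOC.

```python
"""Attachment triage modelled on the malspam in this entry: a file named
"Ziraat Bankasi Swift.bz" that is really a ZIP wrapping "Ziraat Bankasi Swift.exe".
Added example, not MalwareBazaar code. The archive is constructed inline with a
placeholder payload; it is not the real sample.
"""
import hashlib
import io
import zipfile

# Leading-byte signatures of common container formats (standard magic numbers).
MAGIC = {
    "zip": b"PK\x03\x04",
    "bz2": b"BZh",
    "gzip": b"\x1f\x8b",
    "rar": b"Rar!\x1a\x07",
}

# What each extension claims to be; ".bz" is the one this sample abuses.
CLAIMED = {".zip": "zip", ".bz": "bz2", ".bz2": "bz2", ".gz": "gzip", ".rar": "rar"}

# Member extensions that should never pass through a mail gateway unchallenged.
EXECUTABLE_EXTS = (".exe", ".scr", ".dll", ".com", ".pif")

# SHA256 of the real attachment, copied from this entry, used as the IOC set.
PAGE_SHA256 = "b3d81915764c3b793e5d5da2bcb0d7e693263c91b54627960d14e314f9d3d321"


def identify_container(data: bytes) -> str:
    """Return the container format implied by the first bytes, or 'unknown'."""
    for fmt, sig in MAGIC.items():
        if data.startswith(sig):
            return fmt
    return "unknown"


def claimed_format(filename: str) -> str:
    """Return the container format the file extension claims, or 'unknown'."""
    lower = filename.lower()
    for ext, fmt in CLAIMED.items():
        if lower.endswith(ext):
            return fmt
    return "unknown"


def file_hashes(data: bytes) -> dict:
    """MD5/SHA1/SHA256 of the attachment, the hashes MalwareBazaar lists."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def list_executables(zip_bytes: bytes) -> list:
    """Names of ZIP members with a PE 'MZ' header or an executable extension."""
    found = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as member:
                head = member.read(2)  # only the first two decompressed bytes
            if head == b"MZ" or info.filename.lower().endswith(EXECUTABLE_EXTS):
                found.append(info.filename)
    return found


def triage(filename: str, data: bytes, known_sha256: set) -> dict:
    """Check extension/content agreement, nested executables and IOC hash hits."""
    actual = identify_container(data)
    claimed = claimed_format(filename)
    findings = []
    if claimed != "unknown" and actual != claimed:
        findings.append(f"'{filename}' claims {claimed} but the content is {actual}")
    executables = list_executables(data) if actual == "zip" else []
    if executables:
        findings.append("archive contains executable member(s): " + ", ".join(executables))
    hashes = file_hashes(data)
    ioc_hit = hashes["sha256"] in known_sha256
    if ioc_hit:
        findings.append("SHA256 matches a known IOC")
    return {"actual": actual, "claimed": claimed, "executables": executables,
            "hashes": hashes, "ioc_hit": ioc_hit, "findings": findings}


def build_constructed_sample() -> bytes:
    """Stand-in attachment: a ZIP wrapping a fake 'MZ' stub (constructed, not malware)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        info = zipfile.ZipInfo("Ziraat Bankasi Swift.exe", date_time=(2020, 5, 4, 21, 19, 50))
        zf.writestr(info, b"MZ" + b"\x00" * 62 + b"placeholder body, not a real PE")
    return buf.getvalue()


if __name__ == "__main__":
    report = triage("Ziraat Bankasi Swift.bz", build_constructed_sample(), {PAGE_SHA256})
    for line in report["findings"]:
        print("FINDING:", line)
    print("sha256:", report["hashes"]["sha256"], "(constructed sample; no IOC match expected)")
```

Run against the constructed archive, the script reports the extension/content mismatch and the embedded executable but no hash hit; on the real attachment the SHA256 check would fire as well. Matching on the magic bytes rather than the extension is the point: a gateway rule that only blocks *.zip or *.exe never sees this file as either.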

Intelligence


File Origin
# of uploads: 1
# of downloads: 80
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-04 21:37:03 UTC
File Type: Binary (Archive)
Extracted files: 12
AV detection: 27 of 48 (56.25%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: AgentTesla
  zip b3d81915764c3b793e5d5da2bcb0d7e693263c91b54627960d14e314f9d3d321 (this sample)
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
