MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b4b81dab904dd9ffd8d9b07d9e42c16631aa34b7881f85bffb3b7246521fd1a0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b4b81dab904dd9ffd8d9b07d9e42c16631aa34b7881f85bffb3b7246521fd1a0
SHA3-384 hash: 88541936179f67527d61f0d476edef295a87d290b86b74146df0fb8df9c86a0c6f23d3b26d8c7085b585db7d3820f444
SHA1 hash: d3717ffb659b28ff00d8e6439262b3f566e20d9c
MD5 hash: 17b64411ee6f3c407d967f2abc404baf
humanhash: failed-quiet-quebec-six
File name:Dekont.z
Download: download sample
Signature AgentTesla
Create hunting rule
File size:329'392 bytes
First seen:2020-07-13 11:40:32 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:kneDfIfE4FiHrO1KssVqzk31j3jhQOGvxoKQzEhJOFLwODjg:3DfIM4QvssVmwjTeZdQzGJuL9Djg
TLSH AB642356339AC309E1B543E2EC0CE8E0C66E0785750D7A2AF54B4DABED1DA9F630D076
Reporter abuse_ch
Tags:AgentTesla geo isbank TUR z


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: isbank.com.tr
Sending IP: 45.153.241.46
From: Türkiye Is Bankasi <bilgilendirme@isbank.com.tr>
Reply-To: Türkiye Is Bankasi <bilgilendirme@isbank.com.tr>
Subject: Swift Mesajı 13.07.2020
Attachment: Dekont.z (contains "Dekont.exe")

AgentTesla SMTP exfil server:
mail.decoplanet.net:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
85
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.CAP_HookExKeylogger.18769.25924.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b4b81dab904dd9ffd8d9b07d9e42c16631aa34b7881f85bffb3b7246521fd1a0/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-07-13 11:42:05 UTC
AV detection:
11 of 48 (22.92%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ws4b3k4qjxm77wgzwb6z4qwbmyy2unfxrapylp73hnzemuq72gqa._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip b4b81dab904dd9ffd8d9b07d9e42c16631aa34b7881f85bffb3b7246521fd1a0

(this sample)

AgentTesla

Executable exe 8f560b247ad96f57de4e2f6da3d99af31a7ac8478e560c6fbfaa1d3615e65575

  
Dropping
MD5 e6e0c9a9a19145589f731d7380544b97
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 8f560b247ad96f57de4e2f6da3d99af31a7ac8478e560c6fbfaa1d3615e65575

Comments