MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b83c8f583fabda43da1b518984bd74357968baa345339aa0b2a05055e4afc1cf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 4


SHA256 hash: b83c8f583fabda43da1b518984bd74357968baa345339aa0b2a05055e4afc1cf
SHA3-384 hash: e245c9abcedb5dd8cca350358af83a52f83057bf767775c8cbb5d663b16cfd99d4b3da34c5b3d721d3bf1cd8ce235646
SHA1 hash: 0c90805f351feaa67c65d0582df68ec31e1b3eac
MD5 hash: a16bdbe47c119b95faaa5e0df7c3c879
humanhash: hot-idaho-fillet-gee
File name: DOT090-909--9900.7z
Signature: AgentTesla
File size: 401'516 bytes
First seen: 2020-12-24 09:24:25 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:nPo++plHqtT1+JoluFcWG7K22tgd0gbozesotBORir+x0EKZN6ZCbxQ0wUPsH:n7KFqtJ+/cb4ed0zz0sRJ0Xn60FrS
TLSH: 198423F565F525B98303ACFFFBE2BC1C1A4D29C1224E961170497B8C59B26C7F48AD22
Reporter: abuse_ch
Tags: 7z AgentTesla geo Telegram TUR


Comment by abuse_ch:
Malspam distributing AgentTesla:

HELO: hosted-by.rootlayer.net
Sending IP: 185.222.58.152
From: ekstre@eekstre.qnbfinansbank.com
Subject: CardFinans KOBİ Visa Aralık ayi ekstreniz.
Attachment: DOT090-909--9900.7z (contains "DOT090-909--9900.exe")

Intelligence

File Origin
# of uploads: 1
# of downloads: 768
Origin country: n/a

Vendor Threat Intelligence
Result
Verdict: 4
Threat name: Win32.Trojan.Generic
Status: Suspicious
First seen: 2020-12-24 09:25:05 UTC
AV detection: 8 of 48 (16.67%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: AgentTesla, zip b83c8f583fabda43da1b518984bd74357968baa345339aa0b2a05055e4afc1cf (this sample)
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment