MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bab81c85d2ef61a915589825e7e4cd78827016c330a33957c0ac207c0738c785. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 2



SHA256 hash: bab81c85d2ef61a915589825e7e4cd78827016c330a33957c0ac207c0738c785
SHA3-384 hash: 76354109acfae9a4031966c327e493fd92b0093a6495343564607791f91752a9d8370d3488ce06615e694544ab87ec1d
SHA1 hash: 9e86a2cae0e9f5dedcb6a05c5b80d2b8ca6a01b7
MD5 hash: 126ccd38fed8ef131644b011d7ea9eb0
humanhash: jupiter-fish-ten-fourteen
File name: SMK+2020-05-08-14-58-06--id-D1A70B66.img
Signature: AgentTesla
File size: 626'688 bytes
First seen: 2020-10-15 12:09:49 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep 12288:WuQoqdevT5b3boi446lTEcpRcjQHZ27T7i:D+devT5bEEyo
TLSH 86D48EF86A49966EF95E4C73F89D18E2512DBC5F0D8BF207A80735CC8D2A141DEB20B5
Reporter: abuse_ch
Tags: AgentTesla img


abuse_ch
Malspam distributing unidentified malware:

HELO: yetkin-ltd.com.tr
Sending IP: 31.214.141.136
From: ariftemur@yetkin-ltd.com.tr
Subject: Order
Attachment: SMK+2020-05-08-14-58-06--id-D1A70B66.img (contains "SMK+2020-05-08-14-58-06--id-D1A70B66.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 76
Origin country: n/a
Vendor Threat Intelligence
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

img bab81c85d2ef61a915589825e7e4cd78827016c330a33957c0ac207c0738c785

(this sample)

  
Delivery method: Distributed via e-mail attachment
