MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d5e2647928a898c6ce76be1e38ad1f326a24d9e5def9107a50656670843f2b01. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d5e2647928a898c6ce76be1e38ad1f326a24d9e5def9107a50656670843f2b01
SHA3-384 hash: e324d5a8a5bdbae095827d0861d39667104c77bfd9e3109876d0f9f1e188a9db4c53e6e81261fa0d08bc1a331b7fea7d
SHA1 hash: 5d3a96a3d7b6043842f12709fac9c053dc71a33c
MD5 hash: 4fc17669ae52ea1b35e1db28490aff50
humanhash: white-nuts-enemy-potato
File name:Statement Of Account.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:312'001 bytes
First seen:2020-05-27 18:20:32 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:Icg36ln+67CIu9WgcZE+vVCVO89CVahWt23K5knrQwZCgZkD7USnHNwoLjPa:IcgL67EWBZP389CVJt23BUMC7rwgC
TLSH A7642352793515CC05D18237A734618A0BB9A6DE37CBBCFC373246749FE81D2CB8A91A
Reporter abuse_ch
Tags:AgentTesla zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: email.trendyol.com
Sending IP: 190.117.101.190
From: Trendyol <seller@email.trendyol.com>
Reply-To: Trendyol <seller@email.trendyol.com>
Subject: RE: Statement of Account
Attachment: Statement Of Account.zip (contains "Statement Of Account.exe")

AgentTesla SMTP exfil server:
mail.baglam.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
64
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.24891.ZipHeur.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-05-27 15:14:51 UTC
AV detection:
8 of 48 (16.67%)
Threat level:
  5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip d5e2647928a898c6ce76be1e38ad1f326a24d9e5def9107a50656670843f2b01

(this sample)

AgentTesla

Executable exe ea8165799ed9c883d11259131ed4820b9d8782d8fb3f0e3622855247af80749b

  
Dropping
MD5 895e9ff38afe8a14d582073118a84e9c
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 ea8165799ed9c883d11259131ed4820b9d8782d8fb3f0e3622855247af80749b

Comments