MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f8542044caea32efbde398448b6c16e202bf6a5b791e811e92e6be5d504c6ec6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: AgentTesla

Vendor detections: 3


SHA256 hash: f8542044caea32efbde398448b6c16e202bf6a5b791e811e92e6be5d504c6ec6
SHA3-384 hash: b84c7d06fb63b402714c03dbfd6766b914189c57c9f1f91dfbe549dd6191cb609efe519a960d3e3768e98aaeb4eabe28
SHA1 hash: 5555c9f5da2adfbca54f5ce44df3be3fb905458b
MD5 hash: 0683ec8e70bec0c6bcc2ab95d0a7f047
humanhash: double-monkey-lactose-cat
File name: YKBGunlukEkstre.zip
Signature: AgentTesla
File size: 1'076'512 bytes
First seen: 2020-06-08 09:14:12 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 24576:Jnk6EhN7L20E0wmGM+Hy+mnp656Nok3C3qI:JvEhNOFAGonI6Kj3qI
TLSH: 5935333F45CC5A938328E3BFE586239E2FDA77040019B4F7D9F55C4441EAD4EA05A8AE
Reporter: abuse_ch
Tags: AgentTesla zip


abuse_ch
Malspam distributing AgentTesla:

HELO: ns50.kayhost.com
Sending IP: 217.116.200.67
From: YAPIKREDI <suleyman.bingol@stroton.com.tr>
Subject: APIKREDI C/H Ekstre 07/06/2020 08: 21
Attachment: YKBGunlukEkstre.zip (contains "kesh.exe")

AgentTesla SMTP exfil server:
mail.devagumruk.com:587

Intelligence


File Origin
Number of uploads: 1
Number of downloads: 63
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2020-06-08 09:16:08 UTC
AV detection: 22 of 48 (45.83%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
AgentTesla
zip f8542044caea32efbde398448b6c16e202bf6a5b791e811e92e6be5d504c6ec6 (this sample)

Dropping: AgentTesla

Delivery method: Distributed via e-mail attachment

Comments