MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ff57883a3ea252bb35148f43852db94018561323d1dfa58a79d36dec80fa9895. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: AgentTesla
Vendor detections: 3

SHA256 hash: ff57883a3ea252bb35148f43852db94018561323d1dfa58a79d36dec80fa9895
SHA3-384 hash: 6efbc097a9032654f75dedc46c8fd5ab0a18ad8ba93438bababc5cdf704fede873f97694a8fd4dd20c3afd79a14f28ec
SHA1 hash: 5858300225d46b6e3a1dcd4e9e9d75eb6d3ad9bd
MD5 hash: 829619a8dec50b92cd241f927fd386b4
humanhash: kansas-romeo-hotel-helium
File name: NW Swift TT Taranan 3884930049 hesabza 31000 ABD Dolar tutarnda bir odeme ekledi PDF.z
Signature: AgentTesla
File size: 316'905 bytes
First seen: 2020-05-09 16:07:34 UTC
Last seen: Never
File type: z
MIME type: application/x-rar
ssdeep: 6144:lDQo0ZdoP29LnYxqXlr1R+5KqpDG5Oi8SRNnoeQOB1klDW7IXWb5Sl3rg:CDbp1nKqVq5zAONbOclq7Uk
TLSH: B96423F9216A4E091E6CDC51D033F56436DB4DA6AD1DCC5FC073B878539FB82AE6808A
Reporter: abuse_ch
Tags: AgentTesla z


abuse_ch
Malspam distributing AgentTesla:

HELO: mx1.chaiyohosting.com
Sending IP: 58.181.206.8
From: bilgilendirme@vakifleasing.com.tr <tob@erawanfood.com>
Subject: AW: Documents
Attachment: NW Swift TT Taranan 3884930049 hesabza 31000 ABD Dolar tutarnda bir odeme ekledi PDF.z (contains "NW Swift TT Taranan 3884930049 hesabza 31000 ABD Dolar tutarnda bir odeme ekledi PDF.exe")

AgentTesla SMTP exfil server:
ftp.universalinks.net:21

Intelligence


File Origin
# of uploads: 1
# of downloads: 82
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Genkryptik
Status: Malicious
First seen: 2020-05-09 16:35:21 UTC
File Type: Binary (Archive)
Extracted files: 6
AV detection: 16 of 31 (51.61%)
Threat level: 5/5

File information


The table below shows additional information about this malware sample, such as delivery method and external references.

Delivery: Malspam
Malware family: AgentTesla
File type / SHA256: z ff57883a3ea252bb35148f43852db94018561323d1dfa58a79d36dec80fa9895 (this sample)
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment

Comments