MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ffff2e5eaca55be15903a75af7c84f3afe9cce467d7f19d893dd0f8525962d9f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 2



SHA256 hash: ffff2e5eaca55be15903a75af7c84f3afe9cce467d7f19d893dd0f8525962d9f
SHA3-384 hash: 220f77e40bbf0702c923d7d6802cc438b5deaaac5dd60211bf687d1b39a407a3556e8043d77c7c3e085da1a03da38926
SHA1 hash: 29ac598242f9070f0b18a4413d04264469273ce6
MD5 hash: 25609fd36d51ad3c87a8224d11a69344
humanhash: seventeen-victor-cold-sierra
File name: Hesap Hareketleri 28-10-2020.rar
Signature: AgentTesla
File size: 485'606 bytes
First seen: 2020-10-28 08:48:38 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 12288:U1KS623L1EQqozIZBBlAVlzdiFa+YkB52UT/v:kf6oJE8zIZBQY9YkP2G
TLSH: 41A42315691E1B7D29FEB6C756BC11EBDB32BE653904D1032E2BDA429010F3872A2C4F
Reporter: abuse_ch
Tags: AgentTesla geo rar TUR


abuse_ch
Malspam distributing AgentTesla:

HELO: mail.nexylan.net
Sending IP: 185.46.228.38
From: QNB FINANSBANK <email@email.qnbfinansbank.com>
Subject: QNB FINANSBANK'ınızın günlük aktiviteleri
Attachment: Hesap Hareketleri 28-10-2020.rar (contains "Hesap Hareketleri 28-10-2020.exe")

AgentTesla SMTP exfil server:
mail.jjfconsultores.com:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 79
Origin country: n/a
Vendor Threat Intelligence
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar ffff2e5eaca55be15903a75af7c84f3afe9cce467d7f19d893dd0f8525962d9f

(this sample)

  
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
