MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fbb5af0ad56df9131cc4ebd8f6e1f11fe3402cf64b47ba6d6837245c81db7b4c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fbb5af0ad56df9131cc4ebd8f6e1f11fe3402cf64b47ba6d6837245c81db7b4c
SHA3-384 hash: 7b80e57001f0cb3cd14f77eb8b3a225855a2ea54a8c26a1d595713a70a299f2fa313fb96a1f2f1b79b6066becca6be18
SHA1 hash: 9757756c3268608dc3e3027f894a2983fc32f0f8
MD5 hash: fc7fca0e4ac923a3bad08d0203f9f388
humanhash: river-batman-ohio-florida
File name:Halkbank,pdf.z
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'025'176 bytes
First seen:2020-05-25 12:35:33 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 24576:+2p7DyOhMbZMYqHoIrglBMPVRgPbYg4O3UTRnEnB9cyf3:+2pvhMbZ/IrglugPki4EB9D
TLSH 6225332ADDAAF50B696B8C287E250317CB9B463B145491351789FA03DA31EAF707E70C
Reporter abuse_ch
Tags:AgentTesla geo Halkbank TUR z


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: halkbank.com.tr
Sending IP: 156.96.45.138
From: T.HALK bankasi<ekstre@halkbank.com.tr>
Subject: T.HALK BANKASI A.S.14.05.2020 - 25.05.2020 Hesap Ekstresi
Attachment: Halkbank,pdf.z (contains "Halkbank,pdf.exe")

AgentTesla SMTP exfil server:
mail.hakanmobilya.com.tr:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
62
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27686.AidExe.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.PSW.Agent.BORA.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.26176.ZipHeur.BadExt.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-25 14:42:36 UTC
File Type:
Binary (Archive)
Extracted files:
27
AV detection:
12 of 31 (38.71%)
Threat level:
  5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip fbb5af0ad56df9131cc4ebd8f6e1f11fe3402cf64b47ba6d6837245c81db7b4c

(this sample)

AgentTesla

Executable exe aad02f97afd49f0c54f1d5b38bf4012640eb5032a44b077376f63b5c15638f1c

  
Dropping
MD5 b750b0f7daa7b533b2b4ab61bf2c4c50
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 aad02f97afd49f0c54f1d5b38bf4012640eb5032a44b077376f63b5c15638f1c

Comments