MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 56a08e966464d46e404c1652313097f088ba8a7bad9edc9a349b97b8d287bd9c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla
Vendor detections: 3



SHA256 hash: 56a08e966464d46e404c1652313097f088ba8a7bad9edc9a349b97b8d287bd9c
SHA3-384 hash: ecf8183137ed45ea7cf27508be68f856b88fdbbbec2706d7eadcfac5f0b1ca1f2bcd693ffbe8b1a60bdb753c4048b383
SHA1 hash: 78b3843da80036c3ea8472a0a91ee65c0d516493
MD5 hash: d135b5a879ac157c8055d5ca4246d0c2
humanhash: glucose-cup-queen-white
File name: Halkbank_Ekstre_06052020_075748_550793.PDF.r00
Signature: AgentTesla
File size: 1'269'341 bytes
First seen: 2020-05-06 17:56:19 UTC
Last seen: Never
File type: r00
MIME type: application/x-rar
ssdeep: 24576:jugC4ClsaMRfb/jSnfX5Wm0zwElinCqSDt0rtkFQJXgxJVJnC9:juW8shhcsGCiCqSZ0rtkawJlC9
TLSH: 6E45336AE294E568EDABDF22CAD85351DDE0A82A046FD502FA195D1F3B0FC31DE4C131
Reporter: abuse_ch
Tags: AgentTesla, geo, Halkbank, r00, TUR


abuse_ch
Malspam distributing AgentTesla:

HELO: www.inviva.com.tr
Sending IP: 185.135.222.66
From: HALK bankasi <ibrahim@urvetti.com>
Subject: T.HALK BANKASI A.S. 06.05.2020 Hesap Ekstresi
Attachment: Halkbank_Ekstre_06052020_075748_550793.PDF.r00 (contains "Halkbank_Ekstre_06052020_075748_550793.PDF.exe")

AgentTesla SMTP exfil server:
mail.newtorres.com:587

Intelligence

File Origin
# of uploads: 1
# of downloads: 75
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-06 18:36:29 UTC
File Type: Binary (Archive)
Extracted files: 27
AV detection: 18 of 48 (37.50%)
Threat level: 5/5

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Sample relationship (delivery chain):
Malspam
  AgentTesla
    r00 56a08e966464d46e404c1652313097f088ba8a7bad9edc9a349b97b8d287bd9c (this sample)

Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
