MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 56fe967e3be372ab89bfa881d4c12f6de022b24064fc9e560047dc3eb3f31c24. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 56fe967e3be372ab89bfa881d4c12f6de022b24064fc9e560047dc3eb3f31c24
SHA3-384 hash: c651f81a14b0030cfedf626208f06110d69ff37bd5aebd2a5ef8c109b9a1e789ce047d406f02e71a35c45816e53ef0d3
SHA1 hash: 940bc5655cbef55ad7a7a299eb5d4481aa736c55
MD5 hash: a357127f7d5e0789f0881259f170a537
humanhash: failed-fix-hydrogen-texas
File name:Face MasksKN95.pdf.z
Download: download sample
Signature AgentTesla
Create hunting rule
File size:460'787 bytes
First seen:2020-04-02 15:23:59 UTC
Last seen:Never
File type: z
MIME type:application/x-rar
ssdeep 12288:he66W1bjtS4ofohNcZ50v64sM3IDDdCxC:g6BV0Mm0v61MjxC
TLSH D1A4232FDA50FD6686FB94F7870178641F3526B239684BF25311F1E24BA06C646EF80E
Reporter abuse_ch
Tags:COVID-19 z


Avatar
abuse_ch
COVID-19 themed malspam:

HELO: mailblock6.hostneverdie.com
Sending IP: 210.1.60.117
From: Tina Meng -Sales <Tina@planetgroup.cn>
Subject: Face Masks and KN95 COVID -19
Attachment: Face MasksKN95.pdf.z (contains "Masks&KN95.z.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
81
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-04-02 15:35:22 UTC
File Type:
Binary (Archive)
Extracted files:
2
AV detection:
28 of 47 (59.57%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=k37jm7r34nzkxcn7vca5jqjpnxqcfmsamt6j4vqai7od5m7tdqsa._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

z 56fe967e3be372ab89bfa881d4c12f6de022b24064fc9e560047dc3eb3f31c24

(this sample)

DLL dll d53823a77a528f3e34ddde64b0a9f6ca5f806fdc4e08ed0f38c384629bf16e9b

unknown e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

  
Dropping
MD5 d41d8cd98f00b204e9800998ecf8427e
  
Dropping
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 9507af5acd54cac5dce6b2dd74a9fa04b34b0cace818d339202c4f354bf0ffa2
  
Dropping
MD5 d007035c352e8ea078d72f24922033f2

Comments