MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 892eb50f08641250372ad18425767b10782956761a037a113d775c13cd17f4d1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 892eb50f08641250372ad18425767b10782956761a037a113d775c13cd17f4d1
SHA3-384 hash: 7079ceb01106788206cc6fe6ef50fc72aabf0072c1537f11a939549f5a76358a66da00758b3a6f1a3c86643045cc9146
SHA1 hash: 43706caee9c22a587f47531c7f1275cf22d66147
MD5 hash: 6632f54800c0d13ae7ad614ad48d4c8a
humanhash: diet-kentucky-alaska-wyoming
File name:Halkbank_Ekstre_20200617_074852_956489,pdf.z
Download: download sample
Signature AgentTesla
Create hunting rule
File size:388'803 bytes
First seen:2020-06-18 06:22:10 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:ynEMWUedCpdYDSz+EW6+unmkustXG28T1JM2Zid6z6+0U/Wie0XoaxPnR0lNR15o:ynEjEpdYez+UnmkNt0T42ZpB0U/leo7z
TLSH E1842357D0D2D01F5F161E6D806EA1A1BB6625F1337BCB07D488B3B19A2FBB63402963
Reporter abuse_ch
Tags:AgentTesla geo Halkbank TUR z


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: halkbank.com.tr
Sending IP: 156.96.45.138
From: HALKBANK.E-EKSTRE@halkbank.com.tr
Subject: T.HALK BANKASI A.S. 01.06.2020 - 18.06.2020 Hesap Ekstresi
Attachment: Halkbank_Ekstre_20200617_074852_956489,pdf.z (contains "Halkbank_Ekstre_20200617_074852_956489,pdf.exe")

AgentTesla SMTP exfil server:
mail.bioaktif.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
74
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.FakeAlert.9060.1798.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-06-18 06:24:05 UTC
AV detection:
22 of 48 (45.83%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=rexlkdyimqjfanzk2gcck5t3cb4csvtwdibxuej5o5obhtix6tiq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 892eb50f08641250372ad18425767b10782956761a037a113d775c13cd17f4d1

(this sample)

AgentTesla

Executable exe 5a4aaa67bb04e7c5538c0759f01a6db3c11b004415b5bd5c31bd3a93806bc575

  
Dropping
MD5 9ae3aaa8789c76823b07703c54ee4e5f
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 5a4aaa67bb04e7c5538c0759f01a6db3c11b004415b5bd5c31bd3a93806bc575

Comments