MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bf6c3ed4bce55302c3d653d7d4f34c1ad13a94c509f6d2583dc0adc704404d30. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: bf6c3ed4bce55302c3d653d7d4f34c1ad13a94c509f6d2583dc0adc704404d30
SHA3-384 hash: f77bfb2403e38ebef32386f23a2fb2021e9c664c62e72e1b53d4a59b05a1603d790aa6ffd7866933a1a7291cb5c9c83f
SHA1 hash: 36dec6fdc05593bb35fb125a9fdc2a4154e37511
MD5 hash: 53499f08c5be6bed02f4167f71e98dba
humanhash: delaware-timing-south-pennsylvania
File name:Halkbank_Ekstre_20210329_060812_651567 PDF.bz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:724'206 bytes
First seen:2021-04-06 08:14:59 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:/8Je7ZbPn4Q6RWTCNs2f+4QX0UrZz0cjye3WQLWVtwH/T+/4Z1tHvGkQ2xHI:kJe7Zbf4Q6dN/zwrRBue35WVtg/cK/W
TLSH 5CF4338AA4890583072C94B23926FAA53EC55201D13FFEBF1477C5E885D5412A9FEF3E
Reporter abuse_ch
Tags:bz geo Halkbank TUR


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: proje.mertbilisim.net
Sending IP: 85.95.240.168
From: HALKBANK.E-EKSTRE@halkbank.com.tr
Subject: T.HALK BANKASI A.Ş. 01.04.2021 - 06.04.2021 Hesap Ekstresi
Attachment: Halkbank_Ekstre_20210329_060812_651567 PDF.bz (contains "hRl1FoxHlK8EX6O.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
150
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.MSIL.Kryptik.WZA.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Link:
https://labs.inquest.net/dfi/sha256/bf6c3ed4bce55302c3d653d7d4f34c1ad13a94c509f6d2583dc0adc704404d30
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/bf6c3ed4bce55302c3d653d7d4f34c1ad13a94c509f6d2583dc0adc704404d30/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2021-04-06 08:15:14 UTC
AV detection:
10 of 48 (20.83%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=x5wd5vf44vjqfq6wkpl5j42mdlitvfgfbh3newb5ycw4obcajuya._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/bf6c3ed4bce55302c3d653d7d4f34c1ad13a94c509f6d2583dc0adc704404d30

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip bf6c3ed4bce55302c3d653d7d4f34c1ad13a94c509f6d2583dc0adc704404d30

(this sample)

AgentTesla

Executable exe ae7d14d604ceb767afe056f099002dba0741eaf6e0ad49ce1f7b403b522b9862

  
Dropping
MD5 63a04366642aef651cbce9e5f7d42ab9
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 ae7d14d604ceb767afe056f099002dba0741eaf6e0ad49ce1f7b403b522b9862

Comments