MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 63c8496ad2705c60d046b230fae8edab66265d9bfadfe528ba6088d1b7496db6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: AgentTesla
Vendor detections: 3



SHA256 hash: 63c8496ad2705c60d046b230fae8edab66265d9bfadfe528ba6088d1b7496db6
SHA3-384 hash: 5e5f83e688145e02e2b0702900a5307d4c6504b6940d7639f26abf61d9bbeca107300f4fba3809ae7203b1402a76dfaf
SHA1 hash: 51442c72971e333f2ab8603c2ccfd9c9c99c4707
MD5 hash: 8ec28ddce7b10dcaa75022353bc386b7
humanhash: black-equal-jupiter-oranges
File name: Halkbank_Ekstre_20200410_080918_330462.z
Signature: AgentTesla
File size: 350'287 bytes
First seen: 2020-05-06 17:57:00 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:50k8xHU4r+WRJLNFG56OXZyUxxrpRBP4UehI1+KtHWJxVYDwAO2eTnx:qk8yT8JLS6eyaxdHR1+KpWJxVHAOLnx
TLSH: 8C74234E7B0A7B77458EFF588EA52D97AD29024305382DD201E8F2B2217A4C19B07F5D
Reporter: abuse_ch
Tags: AgentTesla geo TUR z


abuse_ch
Malspam distributing AgentTesla:

HELO: server.elmasgrafik.com
Sending IP: 185.48.182.122
From: HALKBANK E-EKSTRE <halkbank.e-ekstre@halkbank.com.tr>
Reply-To: noreply@ileti.isbank.com.tr
Subject: T.HALK BANKASI A.Ş.- 06.05.2020 Hesap Ekstresi
Attachment: Halkbank_Ekstre_20200410_080918_330462.z (contains "Halkbank_Ekstre_20200410_080918_330462.exe")

AgentTesla SMTP exfil server:
smtp.ionos.mx:587

Intelligence

File Origin
# of uploads: 1
# of downloads: 78
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Heye
Status: Malicious
First seen: 2020-05-07 04:28:24 UTC
File Type: Binary (Archive)
Extracted files: 2
AV detection: 18 of 48 (37.50%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: AgentTesla, zip 63c8496ad2705c60d046b230fae8edab66265d9bfadfe528ba6088d1b7496db6 (this sample)
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
