MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cee9e2f62953bf60af828cebf3488e38139bf0df4ed3cda6620123713f457a73. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: cee9e2f62953bf60af828cebf3488e38139bf0df4ed3cda6620123713f457a73
SHA3-384 hash: 7829fb5def4a7da25f7fc65408e0f6291cc23ab66691b45bad1f7a95661ad9a7473284bd15d6fabcde8ff55df1f9abe7
SHA1 hash: ad49472775c8a4a7c8c2d7b85819efb8dc701ab8
MD5 hash: 882decac956c188c4c66177a0807edd2
humanhash: music-five-fruit-fanta
File name:Halkbank_Ekstre_20200610_121858_226315.z
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'020'493 bytes
First seen:2020-06-10 11:42:25 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 24576:zhKChIJnnxLMpN5yPR/dsf4JYUpQn3FMRoYIuWJrF3:1bAxLD8YYUqnY8uWFd
TLSH AA2533DEF4E50FC61A880580BDA64F19CCA752B5F196E84F8D9991205FCA4F70E83BC5
Reporter abuse_ch
Tags:AgentTesla geo Halkbank TUR z


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: halkbank.com.tr
Sending IP: 156.96.62.213
From: HALKBANK.E-EKSTRE@halkbank.com.tr
Subject: T.HALK BANKASI A.Ş. 10.04.2020 - 10.06.2020 Hesap Ekstresi
Attachment: Halkbank_Ekstre_20200610_121858_226315.z (contains "Halkbank_Ekstre_20200610_121858_226315.exe")

AgentTesla SMTP exfil server:
mail.skylabelskenya.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
57
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27684.AidExe.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.27686.AidExe.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.AIT.Trojan.Nymeria.1583.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Aitinject
Create hunting rule
Status:
Malicious
First seen:
2020-06-10 11:44:07 UTC
AV detection:
15 of 48 (31.25%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=z3u6f5rjko7wbl4crtv7gseohajzx4g7j3j43jtcaerxcp2fpjzq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip cee9e2f62953bf60af828cebf3488e38139bf0df4ed3cda6620123713f457a73

(this sample)

AgentTesla

Executable exe 0faacc2c9de3f4e343c41b21a3a3b6bad1982397b329e89c288b765cbaae86e1

  
Dropping
MD5 918910e1400dc5e97fb0a2a26038efc7
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 0faacc2c9de3f4e343c41b21a3a3b6bad1982397b329e89c288b765cbaae86e1

Comments