MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c8e9f788ece62db8745c9fcf15489132b0ed4c20f0619aca2557763fbbbecc88. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: c8e9f788ece62db8745c9fcf15489132b0ed4c20f0619aca2557763fbbbecc88
SHA3-384 hash: 6658570d5b470a6cbb1b9729f6ee0e0061cca5e64dde7b7a4d93337adf4d1a497bac90d4fccfb0c80f446a24a86ca43b
SHA1 hash: 796a0fe0a34650b6e028aefcb9da257170473864
MD5 hash: 16b146fce398107ac4104eb77158f3cb
humanhash: september-massachusetts-virginia-lion
File name: Halkbank_Ekstre_20200601-20200618_074852_956489.z
Signature: AgentTesla
File size: 965'468 bytes
First seen: 2020-06-18 11:15:26 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 24576:eDBzDVUAi7bGnDHHbZbvCdfwyECEeSz9N477bAHK3YsnasGz/:eRDVU57qLHbZbvCdfTEeX7kK3Yh/
TLSH: DB2533166C496178122D4C3B77828487D8215AFF138EBF59E98EBFE350E17480D7ECA2
Reporter: @abuse_ch
Tags: AgentTesla geo Halkbank TUR z


Twitter
@abuse_ch
Malspam distributing AgentTesla:

HELO: halkbank.com.tr
Sending IP: 156.96.45.138
From: HALKBANK.E-EKSTRE@halkbank.com.tr
Subject: T.HALK BANKASI A.S. 01.06.2020 - 18.06.2020 Hesap Ekstresi
Attachment: Halkbank_Ekstre_20200601-20200618_074852_956489.z (contains "Halkbank_Ekstre_20200601-20200618_074852_956489.exe")

AgentTesla SMTP exfil server:
mail.bioaktif.com:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 40
Origin country: FR
Mail intelligence
Geo location: Global
Volume: Low
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-06-18 11:36:11 UTC
AV detection: 26 of 48 (54.17%)
Threat level: 5/5

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
AgentTesla
zip c8e9f788ece62db8745c9fcf15489132b0ed4c20f0619aca2557763fbbbecc88 (this sample)

Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
