MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 19084e1d10f9a901ea7066d15f54e3f14ca3ea51ed0d1031e3e1fa0434804cb4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: AgentTesla
Vendor detections: 3

SHA256 hash: 19084e1d10f9a901ea7066d15f54e3f14ca3ea51ed0d1031e3e1fa0434804cb4
SHA3-384 hash: 0ff39b32daf793a6c7e35a71d414d67fd3460bfcc8b48308539a07547e80fbc309be8efa6ae11ff528ff8bedc769454b
SHA1 hash: 143bd1e7d62e3dd776f7dac93aae7a7afe3259ff
MD5 hash: bafacaa30a79dea7a111f5e6a7df6b9a
humanhash: alaska-don-muppet-pizza
File name: DHL INVOICE.gz
Signature: AgentTesla
File size: 371'767 bytes
First seen: 2020-07-16 10:02:55 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 6144:6vHiQx+5Kg1fnQIWF/3Oa/ZxTu5CuowxlLV5xhFVgLaL2bbg0/CfbLDBjPl3Cc:8iQxkKglmGiZxKsuoiX5XFKxhebLDZlF
TLSH: 1584233CA90D6C8A0DFDDD440CCD803E2C78A955F6271F4FA1AAB3496788789F914DE9
Reporter: abuse_ch
Tags: AgentTesla DHL gz


abuse_ch
Malspam distributing AgentTesla:

HELO: mail.itrad3r.com
Sending IP: 45.140.168.119
From: DHL EXPRESS <ecommercehelpdesk@dhl.com>
Subject: DHL INVOICE
Attachment: DHL INVOICE.gz (contains "gunzipped")

AgentTesla SMTP exfil server:
mail.pka.co.in:587

Intelligence

File Origin
Number of uploads: 1
Number of downloads: 72
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-07-16 10:04:06 UTC
AV detection: 22 of 48 (45.83%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: AgentTesla
gz 19084e1d10f9a901ea7066d15f54e3f14ca3ea51ed0d1031e3e1fa0434804cb4 (this sample)

Dropping: AgentTesla

Delivery method: Distributed via e-mail attachment

Comments