MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1a4d5a740b62bc999582f4ae6f38adb0905b35a9a835ce09013a24e30eed4bc8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3



SHA256 hash: 1a4d5a740b62bc999582f4ae6f38adb0905b35a9a835ce09013a24e30eed4bc8
SHA3-384 hash: 43c4a8e14f42a05df1200fa60b67e21438075ceda75b81263197accdcde8edb788072de929784d31e4372d27786dc093
SHA1 hash: 363baeae24dd22d57699a11ec8fcfbe215bd3e50
MD5 hash: 9744cd9036b0e3e3d2c4e72d17207173
humanhash: double-april-august-nineteen
File name: INVOICE DOCUMENTS.pdf.z
Signature: AgentTesla
File size: 439'348 bytes
First seen: 2020-05-18 07:50:57 UTC
Last seen: Never
File type: z
MIME type: application/x-rar
ssdeep 6144:4JIrhJQWG6ROM48aU3EBj/o5DIkXs3gGrbRkr4KOYNqjMtXdX0bL0tilSC:4uVJT4M0U3EBjMIkaHJkzOTjQX0lF
TLSH 2E9423CA2B5773EB09A0A27DF7C643779B10599AA3304946FF74B09FC906C1E006667B
Reporter: abuse_ch
Tags: AgentTesla DHL z


abuse_ch
Malspam distributing AgentTesla:

HELO: mailhost02.turknetserver.com
Sending IP: 193.192.122.115
From: DHL Expresst<hafidha.meghaouzel@bilyapinsaat.com.tr>
Subject: DHL BILL OF LANDING SHIPPING INVOICE DOCUMENTS
Attachment: INVOICE DOCUMENTS.pdf.z (contains "INVOICE DOCUMENTS.pdf.exe")

AgentTesla SMTP exfil server:
smtp.yandex.ru:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 81
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-18 03:05:25 UTC
File Type: Binary (Archive)
Extracted files: 294
AV detection: 23 of 48 (47.92%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

z 1a4d5a740b62bc999582f4ae6f38adb0905b35a9a835ce09013a24e30eed4bc8

(this sample)

  
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
