MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1a9c9a8c6c1ffd0481cd626d3ef3f332173dbe00fd464bac30efd272cb3c345a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla
Vendor detections: 3

SHA256 hash: 1a9c9a8c6c1ffd0481cd626d3ef3f332173dbe00fd464bac30efd272cb3c345a
SHA3-384 hash: 4c4ab4182ee2359c8744bc45a5d8186210acb64124733863ff091f7477d7a83964a87d093b45f570b918a991d1b0e2bb
SHA1 hash: c34f7e36cda0de051b9a9faf1c2b1f1aa2567980
MD5 hash: 8a5c56f0fe710bac3dfe227d2f0258a2
humanhash: bravo-freddie-six-undress
File name: DHL CUSTOMER ADVISORY BL COM. INV. 70982167667.r27
Signature: AgentTesla
File size: 1'256'551 bytes
First seen: 2020-05-05 10:30:32 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 24576:XWpEkvZFTOE9QIlrBsqqZcBYt0Qqy7Cowgr3UrPnIVGaE91KH2bt7vfC:XoEkXK+f3qZcBYKQqE7nrk7nIVo7v6
TLSH: FF4533A9C1C9ED36848B2A4E7B174DED6BDA8E2FFD4DAB36CC269130A1C4F476704015
Reporter: abuse_ch
Tags: AgentTesla DHL r27


abuse_ch
Malspam distributing AgentTesla:

HELO: dhl.com
Sending IP: 191.101.130.212
From: DHL<NoReply@dhl.com>
Reply-To: nofia.putri.siemens.com@bk.ru
Subject: DHL Shipment Notification : 7098216766
Attachment: DHL CUSTOMER ADVISORY BL COM. INV. 70982167667.r27 (contains "DHL CUSTOMER ADVISORY BL COM. INV. 70982167667.exe")

AgentTesla SMTP exfil server:
mail.zarkom.rs:587

Intelligence

File Origin
# of uploads: 1
# of downloads: 93
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Agensla
Status: Malicious
First seen: 2020-05-05 10:36:21 UTC
File Type: Binary (Archive)
Extracted files: 12
AV detection: 16 of 31 (51.61%)
Threat level: 5/5

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  AgentTesla
    rar 1a9c9a8c6c1ffd0481cd626d3ef3f332173dbe00fd464bac30efd272cb3c345a (this sample)

Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment

Comments