MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 21a54f1ab17e14552e84cccd56c2e38ad8eeeb258634895939e4af3a6217f261. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 21a54f1ab17e14552e84cccd56c2e38ad8eeeb258634895939e4af3a6217f261
SHA3-384 hash: ee25e982957c21da2ef84c5fbe42d41354d69ce8279963fca089c838d2057be29b8f300d148a6e3a6fca88e3d88cb68d
SHA1 hash: 71635cced26d2e48079394b745af3d83e098e0eb
MD5 hash: c9aa6ea27a3a179d45a2a48c578e779c
humanhash: hotel-green-nevada-pennsylvania
File name:Air Way Bill_ Dhl.gz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:612'979 bytes
First seen:2020-07-30 07:41:29 UTC
Last seen:Never
File type: gz
MIME type:application/gzip
ssdeep 12288:FW8/hp4CzHrSPOmOSirJoi6sWiwoZjFnoF0XzAlyagf5CxiR:FWgh2CLOfDQqsMoXoWXMIafkR
TLSH 4DD433A88BB0CF2A274A8087DB650914ECC6AED53215F931D9C0BF5B4BE587F0E59D31
Reporter abuse_ch
Tags:AgentTesla DHL gz


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: zz0.612.gunayanescafin.ml
Sending IP: 165.227.17.45
From: DHL EXPRESS <612.gunayanescafin.ml>
Reply-To: DHL EXPRESS<info@wearskypro.com>
Subject: DHL Arrival Notice: WayBill, BL., Packing List & Shipping Documents.
Attachment: Air Way Bill_ Dhl.gz (contains "Air Way Bill_ Dhl.exe")

AgentTesla SMTP exfil server:
smtp.mosiactex.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
64
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/21a54f1ab17e14552e84cccd56c2e38ad8eeeb258634895939e4af3a6217f261/
Threat name:
ByteCode-MSIL.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2020-07-30 07:43:07 UTC
AV detection:
8 of 48 (16.67%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=egsu6gvrpykfklueztgvnqxdrlmo52zfqy2iswjz4sxtuyqx6jqq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Farheyt
Score:
0.80
Link:
https://yomi.yoroi.company/submissions/21a54f1ab17e14552e84cccd56c2e38ad8eeeb258634895939e4af3a6217f261

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz 21a54f1ab17e14552e84cccd56c2e38ad8eeeb258634895939e4af3a6217f261

(this sample)

AgentTesla

Executable exe 94a423fe460dd70d28cfa65a5c192377c289343a87f3b46c2378b2b28edf3336

  
Dropping
MD5 6d0ddcfaaa4af8d75dd0366c91eb8781
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 94a423fe460dd70d28cfa65a5c192377c289343a87f3b46c2378b2b28edf3336

Comments