MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3174d8275f1c8bb7292ba472e8af81c6fe4c19bcae13dc98fab7910ba912a97a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 2



SHA256 hash: 3174d8275f1c8bb7292ba472e8af81c6fe4c19bcae13dc98fab7910ba912a97a
SHA3-384 hash: 161025db47b90cb9c3fd27666c636775db09ec0413248e8003c4e233db68258cfbd394a2e6477146dd1b389c9ccab8e6
SHA1 hash: bc7f136b71cba48f6f9091b6e1b2ab3af44a1b73
MD5 hash: 6f56f1e680b3eea8940cda136f90b497
humanhash: sierra-steak-video-salami
File name: Shipping Documents.PDF.zip
Signature: AgentTesla
File size: 439'033 bytes
First seen: 2020-06-25 09:37:35 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:Mhddm37ePg7muP06vZj1lkQCHFVUuJc8cEnoeg:MBW1qujZRlkQAV3e+7g
TLSH: BD9423132F3C68C434D752216A7A6C188D7041CF67F85D7C49A994CA6FFF313A2EAA52
Reporter: abuse_ch
Tags: AgentTesla DHL zip


abuse_ch
Malspam distributing AgentTesla:

HELO: dhl.com
Sending IP: 95.211.208.50
From: DHL|Express|Courier <enquiry@dhl.com>
Subject: Shipping Documents - change in the destination of your goods
Attachment: Shipping Documents.PDF.zip (contains "Shipping Documents.PDF.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 69
Origin country: n/a
Vendor Threat Intelligence
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 3174d8275f1c8bb7292ba472e8af81c6fe4c19bcae13dc98fab7910ba912a97a (this sample)

Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
