MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 36f5640e9f66afbca0bd343ad72d1abbe6f18d26c920a85ac58d8849b6829b29. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 3

SHA256 hash: 36f5640e9f66afbca0bd343ad72d1abbe6f18d26c920a85ac58d8849b6829b29
SHA3-384 hash: d8d9d241af426883eda950271722db4935e17cd249816dc09f07ea8f9082ae160aa5fdcbf0252fb29e2514775e5b1954
SHA1 hash: 81b4f9dfe1c2741749aca6b542499364aef80154
MD5 hash: 1bfea86a35ba9612e88e7e602f80715a
humanhash: fifteen-fix-oregon-avocado
File name: Documents.ace
Signature: AgentTesla
File size: 453'124 bytes
First seen: 2020-05-01 12:56:06 UTC
Last seen: Never
File type: ace
MIME type: application/x-rar
ssdeep: 12288:XrD3xsdoXfs06rJP7T7jTCywcMEL/kxE3l8xcf:br+yeJjvj5bH3luG
TLSH: 46A4237CE1747A359150C6DF7E3B88A067F40EC5945F293FF50E1AAE12A231A1D906CE
Reporter: abuse_ch
Tags: ace AgentTesla DHL


abuse_ch
Malspam distributing AgentTesla:

HELO: server.estudiodigitarte.com.ar
Sending IP: 190.210.197.100
From: DHL EXPRESS <repuestos1@dicamillomaquinarias.com>
Subject: DHL COURIER : SHIPPING DOCUMENTS
Attachment: Documents.ace (contains "Documents.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 1'599
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Ashify
Status: Malicious
First seen: 2020-05-01 13:35:44 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 16 of 31 (51.61%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
AgentTesla
ace 36f5640e9f66afbca0bd343ad72d1abbe6f18d26c920a85ac58d8849b6829b29 (this sample)
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
