MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 373d732d3ee515ab1836f1be38f37912a8036e7b8c110d83955ae51300518582. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 373d732d3ee515ab1836f1be38f37912a8036e7b8c110d83955ae51300518582
SHA3-384 hash: ada4bc1a1bb9dfd948c35e87aa0e8cea2220e5ade79498773462c6365e01971def4b7c36b080187495bc1df8d1b5f229
SHA1 hash: 1ffff3d68979e8ebb894ca349808203f57cf01bd
MD5 hash: 341a5a76537952484284f381aa79001e
humanhash: delaware-september-pasta-kansas
File name:AWB 00117390027.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'110'574 bytes
First seen:2020-05-11 15:16:40 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 24576:TFJHl5JYBjlfOg9NUCRPh5qiNGF+z4G2cHFGSt:TFJHlfYBog9NnRHF0+JLFGSt
TLSH 2D353379F3E22D0547647F4834F974F92D010F9673DA998406EB2AB76F093AA8C8E714
Reporter abuse_ch
Tags:AgentTesla DHL zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: he50.itecoserv.com
Sending IP: 176.28.17.50
From: DHL Express delivery <a.lewandoski@dhl.com>
Reply-To: chantiira92@gmail.com
Subject: Ship notification
Attachment: AWB 00117390027.zip (contains "hen cc.exe")

AgentTesla SMTP exfil server:
mail.parkviewmanor.ca:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
76
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27686.AidExe.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.PSW.Agent.BORA.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-11 15:37:01 UTC
AV detection:
23 of 48 (47.92%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=g46xglj64uk2wgbw6g7dr43zckuag3t3rqiq3a4vllsrgacrqwba._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 373d732d3ee515ab1836f1be38f37912a8036e7b8c110d83955ae51300518582

(this sample)

AgentTesla

Executable exe d1d14f8dd6e27ee5e2ad219935cbc367da9fa4659794bdf9938be7ffbb89a92b

  
Dropping
MD5 4806c018b8043a5856992606a6539001
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 d1d14f8dd6e27ee5e2ad219935cbc367da9fa4659794bdf9938be7ffbb89a92b

Comments