MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4314856e6f20df19900611e47759fb577ca5439aea1af85d4da0c5c3300892ff. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 3

SHA256 hash: 4314856e6f20df19900611e47759fb577ca5439aea1af85d4da0c5c3300892ff
SHA3-384 hash: 39102d3722695262ed3520be89098432d31b022acce4a8da9b82430948e4d27c44de845481a5d8100c53a6d82eee0877
SHA1 hash: 1d41dacb851ade67cebfbbaed1e75cf751d36fdf
MD5 hash: 8c8753400cdafba41e55b17e61fac40e
humanhash: double-triple-golf-sad
File name: DHL Shipping Document_PDF.gz
Signature: AgentTesla
File size: 301'918 bytes
First seen: 2020-07-13 06:38:52 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 6144:XTcf1yrKFCTIwOsUWPBgYsZACjlrIyZkuyve/I47E2eHA:XwN+wCWFSgYqj2yZk8h7EJA
TLSH: 6C54236D1E60C841B37A88B726D7DA5F08200390AE41BE17C6AF9A8594021FFE7B7D70
Reporter: abuse_ch
Tags: AgentTesla DHL gz


abuse_ch
Malspam distributing AgentTesla:

HELO: 35-168-85-129.plesk.page
Sending IP: 35.168.85.129
From: PT AXINDO HUMAPERDANA <cindy@axindosecurity.co.id>
Reply-To: PT AXINDO HUMAPERDANA <ricknicolas.aol@hotmail.com>
Subject: Shipment document dispatched on July 2020-LCL
Attachment: DHL Shipping Document_PDF.gz (contains "DHL Shipping Document_PDF.exe")

AgentTesla SMTP exfil server:
mail.rcsqatar.com:587

AgentTesla SMTP exfil email address:
suhail@rcsqatar.com

Intelligence


File Origin
# of uploads: 1
# of downloads: 64
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-07-13 06:40:07 UTC
AV detection: 23 of 48 (47.92%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz 4314856e6f20df19900611e47759fb577ca5439aea1af85d4da0c5c3300892ff (this sample)

Dropping: AgentTesla

Delivery method: Distributed via e-mail attachment

Comments