MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 44b2299d9b42f626ab287251ad09b49e9d9a8be09ffcbbcaee887f2ddcc0a986. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3



SHA256 hash: 44b2299d9b42f626ab287251ad09b49e9d9a8be09ffcbbcaee887f2ddcc0a986
SHA3-384 hash: ef47d783fb28d5c73cc3209b6faeb2dd0ea19d7326dadeeea6a738742c1e6e234d39fcc541c594a1b1450dd3ff7596e0
SHA1 hash: abd19b9deb476b700b2ef59457ac5743020f46b7
MD5 hash: 4475ed021413c7ee3030ed0b06b5a43e
humanhash: football-cup-low-april
File name: DHL.gz
Signature: AgentTesla
File size: 401'939 bytes
First seen: 2020-06-19 06:10:29 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 12288:Zcc4PBx3y78hdiMUPMdmQUC5uS+dEMYtg:mnV6M+++dE2
TLSH: 2884230848460CDD04C3ADA481758F87D65BB5BEBCF48A297DD3BBC42D81AF9A7D2934
Reporter: abuse_ch
Tags: AgentTesla CHN geo gz


abuse_ch
Malspam distributing AgentTesla:

HELO: ec2-15-206-222-188.ap-south-1.compute.amazonaws.com
Sending IP: 15.206.222.188
From: DHL Customer Support <support@dhl.com>
Subject: DHL Shipment Notification:2121015942
Attachment: DHL.gz (contains "DHL.exe")

AgentTesla SMTP exfil server:
smtp.anding-tw.com:587
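
The lure described in the comment above is a plain gzip wrapper around an executable, and the gzip header already carries the inner filename (the RFC 1952 FNAME field), so a mail gateway can name the payload without inflating the archive. The following Python is an added example written for this page; it is not MalwareBazaar or abuse.ch code. It builds a constructed stand-in for DHL.gz (a gzip member named DHL.exe whose body only starts with the "MZ" bytes of a PE file, not the real sample), reads the inner name from the header, inflates just two bytes to confirm the PE magic without exposing itself to a decompression bomb, computes the hashes that would be matched against the IOCs on this page, and flags the HELO/From mismatch visible in the reporter's headers. The header dictionary is constructed from the comment; function names and the executable-extension list are this example's own choices.

```python
"""Triage of a gzip-wrapped mail attachment, modelled on the DHL.gz lure above.

Added example, not MalwareBazaar or abuse.ch code. The mail headers and the
attachment are constructed here to mirror the reporter's comment; the payload
is a harmless placeholder that only starts with the "MZ" bytes of a PE file.
"""
import gzip
import hashlib
import io
import struct
import zlib
from email.utils import parseaddr
from typing import Optional

# Inner filenames that have no business inside a "shipping notice" archive
# (this example's own list, not a MalwareBazaar classification).
EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js",
                   ".jse", ".vbs", ".vbe", ".wsf", ".hta", ".ps1", ".dll")

SAMPLE_HEADERS = {  # constructed from the reporter's comment
    "HELO": "ec2-15-206-222-188.ap-south-1.compute.amazonaws.com",
    "From": "DHL Customer Support <support@dhl.com>",
    "Subject": "DHL Shipment Notification:2121015942",
}


def build_sample_attachment() -> bytes:
    """Constructed stand-in for DHL.gz: one gzip member whose FNAME is DHL.exe."""
    buf = io.BytesIO()
    with gzip.GzipFile(filename="DHL.exe", mode="wb", fileobj=buf, mtime=0) as gz:
        gz.write(b"MZ" + b"\x00" * 62 + b"placeholder body, not a real PE")
    return buf.getvalue()


def gzip_member_name(data: bytes) -> Optional[str]:
    """Return the FNAME field of the first gzip member, read from the header only.

    RFC 1952 layout: ID1 ID2 CM FLG MTIME(4) XFL OS, then the optional fields
    FEXTRA, FNAME (NUL-terminated), FCOMMENT, FHCRC in that order.
    """
    if len(data) < 10 or data[:2] != b"\x1f\x8b":
        return None
    flg, pos = data[3], 10
    if flg & 0x04:                       # FEXTRA: 2-byte little-endian length
        if pos + 2 > len(data):
            return None
        (xlen,) = struct.unpack_from("<H", data, pos)
        pos += 2 + xlen
    if not flg & 0x08:                   # FNAME flag clear: nothing to report
        return None
    end = data.find(b"\x00", pos)
    return data[pos:end].decode("latin-1") if end != -1 else None


def starts_with_mz(data: bytes) -> bool:
    """Inflate only the first two bytes, so a decompression bomb costs nothing."""
    try:
        with gzip.GzipFile(fileobj=io.BytesIO(data)) as gz:
            return gz.read(2) == b"MZ"
    except (OSError, EOFError, zlib.error):
        return False


def triage_attachment(name: str, data: bytes) -> dict:
    """Hashes for IOC matching plus the findings a mail gateway would raise."""
    inner = gzip_member_name(data)
    findings = []
    if inner and inner.lower().endswith(EXECUTABLE_EXTS):
        findings.append(f"{name} wraps executable {inner}")
    if starts_with_mz(data):
        findings.append(f"{name} inflates to a PE image")
    return {
        "inner_name": inner,
        "hashes": {alg: hashlib.new(alg, data).hexdigest()
                   for alg in ("md5", "sha1", "sha256")},
        "findings": findings,
    }


def sender_mismatch(headers: dict) -> Optional[str]:
    """Flag a From: domain that the HELO host name is not part of."""
    _, addr = parseaddr(headers.get("From", ""))
    from_domain = addr.rpartition("@")[2].lower()
    helo = headers.get("HELO", "").lower()
    if from_domain and helo != from_domain and not helo.endswith("." + from_domain):
        return f"From domain {from_domain} does not match HELO {helo}"
    return None


if __name__ == "__main__":
    report = triage_attachment("DHL.gz", build_sample_attachment())
    for line in report["findings"] + [sender_mismatch(SAMPLE_HEADERS) or "sender OK"]:
        print(line)
```

The HELO check is a heuristic, not a verdict: legitimate brands do send through third-party infrastructure, so in production it belongs next to SPF and DKIM results rather than on its own. The hashes in the report are what you would look up against the MD5, SHA1 and SHA256 values listed for this sample.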

Intelligence


File Origin
# of uploads: 1
# of downloads: 66
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-06-19 06:11:08 UTC
AV detection: 19 of 29 (65.52%)
Threat level: 5/5

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  AgentTesla
    gz 44b2299d9b42f626ab287251ad09b49e9d9a8be09ffcbbcaee887f2ddcc0a986 (this sample)
      Dropping: AgentTesla

Delivery method: Distributed via e-mail attachment

Comments