MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 44e849db1720b5792bd5fdaaa836febe70b46f16dd3bc34575a1dfa5c9cb76bc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 3

SHA256 hash: 44e849db1720b5792bd5fdaaa836febe70b46f16dd3bc34575a1dfa5c9cb76bc
SHA3-384 hash: f3ec9a105bf513ff345fee51766ba65ac702f8695a19d18ea06f74333bfe10d43c1b49a1447b12cd430c80b5330af212
SHA1 hash: 57d3942e83d1a19fe0613317ba7ce5fbedbdd9e6
MD5 hash: d277575c37a75e86f9ab5e550e11cbf8
humanhash: sierra-lemon-texas-iowa
File name: Dhl Contact Form.pdf.gz
Signature: AgentTesla
File size: 658'623 bytes
First seen: 2020-08-19 10:12:07 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 12288:CkSOJDXgHVYgQLKnO+p+4tM/szeGlnF3RP3c3yHVvfVd7w8sdCokqKTxojNSCNk:CkSsoRvnzi4LfcC1f7739qE6jNvNk
TLSH: 17E433A1B6F30D7CACCAA111CFD61950AD776809F1A3F3167D8AB0817AE4C5E3909BD1
Reporter: abuse_ch
Tags: AgentTesla DHL gz


abuse_ch
Malspam distributing AgentTesla:

HELO: mail.spiact.ro
Sending IP: 81.18.71.206
From: DHL notification <lucian.grigore@rd-enginery.ro>
Subject: DHL Notification
Attachment: Dhl Contact Form.pdf.gz (contains "Dhl Contact Form.pdf.exe")

Intelligence

File Origin
# of uploads: 1
# of downloads: 70
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.FormBook
Status: Malicious
First seen: 2020-08-19 10:14:06 UTC
AV detection: 19 of 48 (39.58%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: AgentTesla
Sample: gz 44e849db1720b5792bd5fdaaa836febe70b46f16dd3bc34575a1dfa5c9cb76bc (this sample)
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment

Comments