MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4a86a8d4e37899d844d336ee6df9a0ea4633ea621ed92daca640dbe4205a7374. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4a86a8d4e37899d844d336ee6df9a0ea4633ea621ed92daca640dbe4205a7374
SHA3-384 hash: 11f0817f4c7e7c1ef56868a1ec9d742150d0ab1be475b458197e62d007a7d615e2b0859ee5a132e63eaedb2af84dcaac
SHA1 hash: 71dda7bf3ef7f4a69c6457c387732ab8e7d98738
MD5 hash: 7a304897bbcc43dbce6b2b17a86fc3e5
humanhash: jig-monkey-robin-one
File name:YOUR DHL NOTIFICATION_PDF.gz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:398'398 bytes
First seen:2020-06-15 12:05:35 UTC
Last seen:Never
File type: gz
MIME type:application/x-rar
ssdeep 12288:qhnu8zppNHDRidWGaCOKDGxbwVRsBhqE812q:Knu4pNHdiNaCO4G1wVRsHqTQq
TLSH 268423D01F9EDB8C293147D941685F1BDC40743E91E25BF6A90B6B1B9F08AABD628D30
Reporter abuse_ch
Tags:AgentTesla DHL gz


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: globe3email.hostcentral.net
Sending IP: 103.53.172.34
From: DHL EXPRESS <NoReply.ODD@dhl.com>
Subject: YOUR DHL NOTIFICATION/UPDATE PARCEL NO:DL7593462
Attachment: YOUR DHL NOTIFICATION_PDF.gz (contains "YOUR DHL NOTIFICATION_PDF.exe")

AgentTesla SMTP exfil server:
mail.greebals.gr:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
60
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27271.Rar5Heur.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Ransomware.WannaCry
Create hunting rule
Status:
Malicious
First seen:
2020-06-15 12:07:05 UTC
AV detection:
22 of 31 (70.97%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=jkdkrvhdpcm5qrgtg3xg36na5jddh2tcd3ms3lfgidn6iic2on2a._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz 4a86a8d4e37899d844d336ee6df9a0ea4633ea621ed92daca640dbe4205a7374

(this sample)

AgentTesla

Executable exe 22a3fe05132793fecce3337c6e692f2c7f978a01b9ab334dc4da337262cb52d2

  
Dropping
MD5 900d9f7931cecc2690b0bd1a002f3984
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 22a3fe05132793fecce3337c6e692f2c7f978a01b9ab334dc4da337262cb52d2

Comments