MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5129ccf7dde139d9367eadee52243227d2ebafaefd1f8671835b7fff6006aea1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5129ccf7dde139d9367eadee52243227d2ebafaefd1f8671835b7fff6006aea1
SHA3-384 hash: 2ef30f282eda15be78c885fafb95ffd1a99b7574c57808a816ddb59058cd26556063a8e16d3a419007910e019c874f83
SHA1 hash: 613fff34645dbbba5ee43301cd1623bc6f76311f
MD5 hash: 2dcf17263f5f6e75385883c66db268dd
humanhash: november-item-crazy-delaware
File name:Pl.m0001466.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:652'414 bytes
First seen:2020-07-16 08:57:15 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:arVd3It5bNVz1YQxdOW69LzG2x7EpcWGLrYooLxKQ1+8DxfPlHHwlX6yW3Kth:0d3IHbNUQxIPzxxmwr1mR1DlPlHgX6xy
TLSH 8DD4230B517AFC0ADDA3C83B471E25D71DEA2764E3AA15953F4086BD31F448938E6707
Reporter abuse_ch
Tags:AgentTesla DHL rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: cloudhost-75870.us-west-1.nxcli.net
Sending IP: 173.249.144.227
From: DHL Logistics/Express Delivery <logistics@dhl.com>
Subject: Shipment Notification: You Have A Package With Us
Attachment: Pl.m0001466.rar (contains "bj7B5YUr4HjYLbZ.exe")

AgentTesla SMTP exfil server:
mail.flood-protection.org:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
82
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/5129ccf7dde139d9367eadee52243227d2ebafaefd1f8671835b7fff6006aea1/
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-07-16 08:59:04 UTC
AV detection:
3 of 48 (6.25%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=keu4z5654e45snt6vxxfejbse7joxl5o7upym4mdln776yagv2qq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 5129ccf7dde139d9367eadee52243227d2ebafaefd1f8671835b7fff6006aea1

(this sample)

AgentTesla

Executable exe 94213bb74d440f1782526a2a47f1820545963ad6b07aca628718c4e9113649e4

  
Dropping
MD5 12ed403a5e0425c5cc1a3f279e3551d0
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 94213bb74d440f1782526a2a47f1820545963ad6b07aca628718c4e9113649e4

Comments