MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 57333ee05397c955a8481765b527b320fd865db7d21cfc72c31cc3dad16dd7e4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 57333ee05397c955a8481765b527b320fd865db7d21cfc72c31cc3dad16dd7e4
SHA3-384 hash: 128bd115b9f5ff9680fba0a3078fe81d8e78f9a1aa12652c8cff5031a2e17423e8c9bbd28164b78a15da5c9781a67d80
SHA1 hash: c20484a0a28f026e8823d6350d7a5b194af31f05
MD5 hash: 0e3bd90201ab7430e53c7ca78bf698e8
humanhash: twelve-moon-speaker-floor
File name: Shipping Docments.zip
Signature: AgentTesla
File size: 401'807 bytes
First seen: 2020-06-30 08:58:14 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:PL1NuFTEkzFoFBWHolmeIwM5GLsr98dwN/e9j2jg/7:PvuJEvBIwM5GA5q6/e9jck7
TLSH: 0084230A55F01357327B753CD649550A67CA99D32FCBCA7639A87887CBE4C08D32A2EC
Reporter: @abuse_ch
Tags: AgentTesla DHL Yahoo zip


Twitter
@abuse_ch
Malspam distributing AgentTesla:

HELO: sonic314-14.consmr.mail.bf2.yahoo.com
Sending IP: 74.6.132.124
From: DHL EXPRESS <mldcunanan@yahoo.com>
Subject: DHL SHIPMENT DELIVERY/ INV.NO # 15630132
Attachment: Shipping Docments.zip (contains "Shipping Docments.exe")

AgentTesla SMTP exfil server:
mail.saharanepal.coop.np:587

Intelligence


Mail intelligence
Trap location: Global
Impact: Low
# of uploads: 1
# of downloads: 31
Origin country: FR
ClamAV: SecuriteInfo.com.Fareit-FVR97B1CDB35EA0.28661.UNOFFICIAL
CERT.PL MWDB Detection: n/a
Link: https://mwdb.cert.pl/sample/57333ee05397c955a8481765b527b320fd865db7d21cfc72c31cc3dad16dd7e4/
ReversingLabs: Status: Malicious
Threat name: ByteCode-MSIL.Trojan.Agenttesla
First seen: 2020-06-30 09:00:06 UTC
AV detection: 20 of 48 (41.67%)
Threat level: 5/5
Spamhaus Hash Blocklist: Malicious file
VirusTotal: No data

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 57333ee05397c955a8481765b527b320fd865db7d21cfc72c31cc3dad16dd7e4 (this sample)

Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
