MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5b56407abc7e06ef8b131a462b2ca6ab0b8fbc053c78e88ae64750d73155b056. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5b56407abc7e06ef8b131a462b2ca6ab0b8fbc053c78e88ae64750d73155b056
SHA3-384 hash: 121193596055ef54746063f0dec25b0a469387520591fcc35f87aa7d5b48e7cb4baa60617ac3141e5f7e18af6c69ba07
SHA1 hash: 05465a67eb5fb220d58727400543f26cce7ece60
MD5 hash: 502d50bf09737df4f74c1b0c91ab2807
humanhash: burger-solar-bulldog-one
File name:shipping document.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:434'984 bytes
First seen:2020-07-11 05:59:01 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:ujFRtC4JMGYphuUgzy/Bmy1Wt3KID4mnO5PPOdQXnE0as0/M:ujFR4nphuUZRs4ma7fH
TLSH 9F94235F307B3D48BA9B7A497ACC85EDC5C5DD0E7390415142AAC892C0ACD6BCB37EA1
Reporter abuse_ch
Tags:AgentTesla DHL rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: rdns0.absean.com
Sending IP: 192.129.188.197
From: DHL delivery  <utilit-grade@absean.com>
Subject: Documento de envío (Factura, PI, Bill of Lading)
Attachment: shipping document.rar (contains "shipping document.exe")

AgentTesla SMTP exfil server:
mail.pierreinsurancebrokers.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
74
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/5b56407abc7e06ef8b131a462b2ca6ab0b8fbc053c78e88ae64750d73155b056/
Threat name:
Win32.Trojan.Tiggre
Create hunting rule
Status:
Malicious
First seen:
2020-07-11 06:00:10 UTC
AV detection:
15 of 29 (51.72%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=lnlea6v4pydo7cytdjdcwlfgvmfy7pafhr4orcxgi5inomkvwbla._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 5b56407abc7e06ef8b131a462b2ca6ab0b8fbc053c78e88ae64750d73155b056

(this sample)

AgentTesla

Executable exe 391272018c37c88ce5c0921a9881695fbae09611ce443f12db516963012da380

  
Dropping
MD5 234b06c483e9c1677556b38cd0550dee
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 391272018c37c88ce5c0921a9881695fbae09611ce443f12db516963012da380

Comments