MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 692c4c0d3e79884f0d9305134b6158b8fd769443bcac9b86ab583e8d0e383309. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 692c4c0d3e79884f0d9305134b6158b8fd769443bcac9b86ab583e8d0e383309
SHA3-384 hash: c133e11219d73f647c92cac57e0be7442f15f81787b53bd41433cc3938cb9792bf0fde3df04b70276c353193f01a064a
SHA1 hash: f79ccfaa63ff146468041ef418adb3abae49be9b
MD5 hash: 37ab46576dc1c27e011f6b3b669f65bc
humanhash: mars-fanta-fruit-four
File name:DHL SHIPMENT NOTIFICATION_PDF.gz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:523'267 bytes
First seen:2020-05-21 19:22:31 UTC
Last seen:Never
File type: gz
MIME type:application/x-rar
ssdeep 12288:Nr6FAy1zB5gNbCJOn0S1xhFP9LmDo77CoLFRPI+FOfWzhOJ:NraX1PgpNnlP9Oo779FRPI/uhOJ
TLSH 0EB423E374A27E27CD19269238376610CA7E909F3AEE95FCD2803D9376015634AD83F5
Reporter abuse_ch
Tags:AgentTesla DHL gz


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: j0j40j2k.ni.net.tr
Sending IP: 185.95.86.158
From: DHL EXPRESS <NoReply.ODD@dhl.com>
Subject: YOUR DHL SHIPMENT NOTIFICATION/UPDATE PARCEL NO:DL7593462
Attachment: DHL SHIPMENT NOTIFICATION_PDF.gz (contains "DHL SHIPMENT NOTIFICATION_PDF.exe")

AgentTesla SMTP exfil server:
mail.newvenna121llc.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
62
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Grp
Create hunting rule
Status:
Malicious
First seen:
2020-05-21 19:35:41 UTC
File Type:
Binary (Archive)
Extracted files:
10
AV detection:
22 of 48 (45.83%)
Threat level:
  2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz 692c4c0d3e79884f0d9305134b6158b8fd769443bcac9b86ab583e8d0e383309

(this sample)

AgentTesla

Executable exe d5d61ed9be91b3c219a22b01d34bf08e55205d78851351cb16f4643cdfaf9bb7

  
Dropping
MD5 fcd22de3968310ce2c48785ccef369be
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 d5d61ed9be91b3c219a22b01d34bf08e55205d78851351cb16f4643cdfaf9bb7

Comments