MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6e24395516043bc939dad21dcef1d2f1071551b8c8005144f7e7862f41e9a548. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6e24395516043bc939dad21dcef1d2f1071551b8c8005144f7e7862f41e9a548
SHA3-384 hash: 413efd951e566e37e4c78ae2818e49630a9856352b66bd78059a61c2d3fa20c36127ebc03050820dcefcb8d60f89ba5a
SHA1 hash: 4a9db555803ad41bac7f1c1bf9cd9df46e4ab6de
MD5 hash: 827324701bf18b1dc3f7311690b12a38
humanhash: single-december-chicken-yankee
File name:Dhl-Express095958858-WA.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:460'223 bytes
First seen:2020-05-03 12:24:20 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:R7p/IRhjllgNyv3CLGzmCEFrRZpZUI7k0:RSNbvJE/Dm0
TLSH A8A423AF71ED9C012BBE48B81E8CC33D924DF50EDD8E7666455325A3C9A39D26388349
Reporter abuse_ch
Tags:AgentTesla DHL rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: esva.teb.bergamo.it
Sending IP: 213.149.207.20
From: DHL Express <NO-Reply-DHL@alhoutisons.com>
Subject: Emergency Situation/Incomplete Delivery To Your Shipping Address
Attachment: Dhl-Express095958858-WA.rar (contains "Dhl-Express095958858-WA.exe")

AgentTesla SMTP exfil server:
mail.wafaagroup.net:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
77
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Mbt
Create hunting rule
Status:
Malicious
First seen:
2020-05-03 12:35:30 UTC
File Type:
Binary (Archive)
Extracted files:
5
AV detection:
22 of 31 (70.97%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=nysdsviwaq54soo22io454os6edrkunyzaafcrhx46dc6qpjuvea._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 6e24395516043bc939dad21dcef1d2f1071551b8c8005144f7e7862f41e9a548

(this sample)

AgentTesla

Executable exe 21339eb283369e13ec4129e6ba7cedfd84b67a40e9b297f367eadbce06edf0a2

  
Dropping
MD5 33a0167204f0d8df502fbb7704313e36
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 21339eb283369e13ec4129e6ba7cedfd84b67a40e9b297f367eadbce06edf0a2

Comments