MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 803f50e80367d467c82226cd2a7b13aaa6715576715424b0c7395f2e601fa169. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 803f50e80367d467c82226cd2a7b13aaa6715576715424b0c7395f2e601fa169
SHA3-384 hash: 8eec8bea3e5435706586762e2f4cfde341a9f7d0b527241140b900179f4c3d468837e3cdd14f0899459758bbdcc0fabb
SHA1 hash: ab06e0ddd2e850eac5b71a06f2e395ff465fe21e
MD5 hash: 5fbd5729cca5780194d20896ff6517e5
humanhash: spaghetti-utah-finch-east
File name:AWB 673687387678.iso
Download: download sample
Signature AgentTesla
Create hunting rule
File size:491'520 bytes
First seen:2020-07-08 06:16:06 UTC
Last seen:Never
File type: iso
MIME type:application/x-iso9660-image
ssdeep 6144:fVs1Ua4vI056yLZTVFGKd+d/UFYKimqzkZuW9h3dOSNQpn9x9ADrsnUzQO75CmH:9bvqyLTFdcd/UJikZ7b3QN9rnUzQO7p
TLSH 45A41250EFD05B71E1649CF34A072EA02503E5451A782B637B5EEC8ABBB37C25E96703
Reporter abuse_ch
Tags:AgentTesla DHL iso


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: 142-4-22-49.unifiedlayer.com
Sending IP: 142.4.22.49
From: DHL Express ™ <support@dhl.com>
Reply-To: oscar.martinez.carnca@gmail.com
Subject: DHL Shipment Notification
Attachment: AWB 673687387678.iso (contains "AWB 673687387678.exe")

AgentTesla SMTP exfil server:
mail.papayatreehotels.com:26

AgentTesla SMTP exfil email address:
reservation@papayatreehotels.com

Intelligence

File Origin
# of uploads :
1
# of downloads :
75
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Packer.Upx-49
Create hunting rule

PUA.Win.Packer.UpxProtector-1
Create hunting rule

PUA.Win.Packer.Upolyx-12
Create hunting rule

PUA.Win.Packer.Upx-6
Create hunting rule

PUA.Win.Packer.Upx-4
Create hunting rule

PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/803f50e80367d467c82226cd2a7b13aaa6715576715424b0c7395f2e601fa169/
Threat name:
Win32.Trojan.DelfFareIt
Create hunting rule
Status:
Malicious
First seen:
2020-07-08 06:18:06 UTC
AV detection:
16 of 29 (55.17%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=qa7vb2adm7kgpsbce3gsu6ytvkthcvlwofkcjmghhfps4ya7ufuq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

iso 803f50e80367d467c82226cd2a7b13aaa6715576715424b0c7395f2e601fa169

(this sample)

AgentTesla

Executable exe 2409f04509b447f04121091d6b20dde5291413f155de031ef7e306c736ed9242

  
Dropping
MD5 42a1bf57e59510b27b6128f1edc76fa7
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 2409f04509b447f04121091d6b20dde5291413f155de031ef7e306c736ed9242

Comments