MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8f6267b88abd03a430ee52a3517ff579c3f46699ad1fdbf5977e7ffb3a82d8ce. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8f6267b88abd03a430ee52a3517ff579c3f46699ad1fdbf5977e7ffb3a82d8ce
SHA3-384 hash: 9ad51e7ce2f188cf086d9138e001e09083bf1bec68a7b85bc73e71c42bd8ae79218fc4b869f1de14b0fd44dd9f56b22b
SHA1 hash: 3b09ab4295ff55ffb88434f2536d391d94c99023
MD5 hash: 1296bdf5a9433c31039134a2f4c34918
humanhash: ohio-mississippi-glucose-seventeen
File name:DHL shipping document_PDF.gz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:708'054 bytes
First seen:2020-08-31 09:20:16 UTC
Last seen:Never
File type: gz
MIME type:application/gzip
ssdeep 12288:K2aQEYUFKQZUkrXv0XcULVb/F/07VbsstEFAwQKMcCKhQ3HFxBwOKWeR6y9q0Qj4:aQtaUEfoNFR0BYKEFVQKMcRheFyh9yj4
TLSH 71E43348349719469F4F96FC23E65F3B9330446AAA5DEC1FF097DC6D86AC52E006207D
Reporter abuse_ch
Tags:AgentTesla DHL gz


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: server.devbox12.com
Sending IP: 162.249.2.44
From: DHL Global Mail Inc © <nl.directdhl@freight.com>
Reply-To: Customer service <ricknicolas.aol@hotmail.com>
Subject: DHL Shipment Notification Ref ID: 44633179800
Attachment: DHL shipping document_PDF.gz (contains "gunzipped")

AgentTesla SMTP exfil server:
mail.rcsqatar.com:587

AgentTesla SMTP exfil email address:
suhail@rcsqatar.com

Intelligence

File Origin
# of uploads :
1
# of downloads :
73
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Adware.Webalta-6854075-0
Create hunting rule

PUA.Win.Adware.Webalta-6862190-0
Create hunting rule

PUA.Win.Adware.Webalta-6879873-0
Create hunting rule

SecuriteInfo.com.Trojan.DownLoader34.29944.17906.10656.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8f6267b88abd03a430ee52a3517ff579c3f46699ad1fdbf5977e7ffb3a82d8ce/
Threat name:
Win32.Trojan.LokiBot
Create hunting rule
Status:
Malicious
First seen:
2020-08-31 03:27:46 UTC
AV detection:
24 of 29 (82.76%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=r5rgpoekxub2imhokkrvc77vphb7izuzvup5x5mxpz77wouc3dha._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Tinba
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/8f6267b88abd03a430ee52a3517ff579c3f46699ad1fdbf5977e7ffb3a82d8ce

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz 8f6267b88abd03a430ee52a3517ff579c3f46699ad1fdbf5977e7ffb3a82d8ce

(this sample)

AgentTesla

Executable exe 1452240af7843be04730a070e2d541d37c30a6966c753305fc1e117c165996b9

  
Dropping
MD5 b49861954eb679093cc5423bca07bf57
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 1452240af7843be04730a070e2d541d37c30a6966c753305fc1e117c165996b9

Comments