MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 90c7e4d89e9d03dfce076be5a4ed96d7bcab1e300b2d027c558cfb5a049e82b8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 90c7e4d89e9d03dfce076be5a4ed96d7bcab1e300b2d027c558cfb5a049e82b8
SHA3-384 hash: 023593e4019f5dec0e95484339fed792c989d9b5fc39410954b7cf4e834fe9e72c62f3371b502de8a0c6cb5610dc6854
SHA1 hash: 03d5e7ed86000975c867cdddf8437a801cce4c94
MD5 hash: 0459b5a5fb9928d9811b267edc6e183d
humanhash: purple-freddie-idaho-table
File name:DHL DOCUMENT Ref ID 4653179812.PDF.r00
Download: download sample
Signature AgentTesla
Create hunting rule
File size:415'884 bytes
First seen:2020-06-16 12:15:15 UTC
Last seen:Never
File type: r00
MIME type:application/x-rar
ssdeep 12288:LAnQs674m2B6iAsTrbERmUmfcfSuFn+biK:0W4LBcsTrbERnmuSuwb9
TLSH D7942397DA1C31E90CEEF53F4399BC1F1ECB620B1AE6D7A4A7A839BC5010B8C6584117
Reporter abuse_ch
Tags:AgentTesla DHL r00


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: lumoss23.pw
Sending IP: 142.11.213.201
From: DHL SERVICES <hr@lumoss23.pw>
Subject: DHL Shipment Notification Ref ID: 4653179812
Attachment: DHL DOCUMENT Ref ID 4653179812.PDF.r00 (contains "DHL DOCUMENT Ref ID 4653179812.exe")

AgentTesla SMTP exfil server:
mail.kalatecnic.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
60
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Spyware.Noon
Create hunting rule
Status:
Malicious
First seen:
2020-06-16 12:17:05 UTC
AV detection:
15 of 29 (51.72%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=sdd6jwe6tub57tqhnps2j3mw266kwhrqbmwqe7cvrt5vube6qk4a._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

r00 90c7e4d89e9d03dfce076be5a4ed96d7bcab1e300b2d027c558cfb5a049e82b8

(this sample)

AgentTesla

Executable exe bf9aed997a66dbfb9a3b24f4d2b393204a7fa43bd7eecaf3670850f8a4c553f0

  
Dropping
MD5 2c8da914d4d6bf79e9613efa5b7382ba
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 bf9aed997a66dbfb9a3b24f4d2b393204a7fa43bd7eecaf3670850f8a4c553f0

Comments