MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 934b7238f9ac450d564fd09f3a4e51aab3a906aa892a2618501961f053c94e46. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 934b7238f9ac450d564fd09f3a4e51aab3a906aa892a2618501961f053c94e46
SHA3-384 hash: e66dd69059025dabb55dfdc8828b11ef1f9cf7cea52585349c40f8cc51d1bb8ca9d329c5cab924751218e9e1f1bcf477
SHA1 hash: afffd2fc607617b7586c24148e2907d7f4a4aa30
MD5 hash: f656d412a6e169623afb1cbd2bc48832
humanhash: mobile-tango-comet-florida
File name:DHL PO1001910 Sample Arrive TrackingNo_SINI0068206497.gz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:247'566 bytes
First seen:2020-06-29 06:03:19 UTC
Last seen:Never
File type: gz
MIME type:application/gzip
ssdeep 6144:JqyNbC30MQMiUsg+x9C48X+SQQ/pxZDeSn:JlbM0iz+Gl
TLSH 8D34232D782B69A086883BF77333520955C98347070BB0A3F74AAA5875BBC11D7FD9C6
Reporter abuse_ch
Tags:AgentTesla gz


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mail0.606.xianwongleepxc.casa
Sending IP: 161.35.157.97
From: DHL EXPRESS <noreply@dhl.com>
Subject: DHL PO1001910 Sample Arrive : Tracking No_SINI0068206497
Attachment: DHL PO1001910 Sample Arrive Tracking No_SINI0068206497.gz (contains "DHL PO1001910 Sample Arrive Tracking No_SINI0068206497.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
58
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Malware.AgentTesla-7660762-0
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/934b7238f9ac450d564fd09f3a4e51aab3a906aa892a2618501961f053c94e46/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-06-29 00:36:26 UTC
AV detection:
20 of 29 (68.97%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=snfxeohzvrcq2vsp2cptutsrvkz2sbvkrevcmgcqdfq7au6jjzda._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz 934b7238f9ac450d564fd09f3a4e51aab3a906aa892a2618501961f053c94e46

(this sample)

AgentTesla

Executable exe 2e663786404408fe41a473c75d88cdf5e2d55bb0d262cf5d461348087f4fbbdf

  
Dropping
MD5 6a840addc553edebbfc329fa370fe568
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 2e663786404408fe41a473c75d88cdf5e2d55bb0d262cf5d461348087f4fbbdf

Comments