MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9792755e2dbb2ab4583f7a1b28bb1248466af33ea2d2ffe44d25fdc6db86ba5d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3



SHA256 hash: 9792755e2dbb2ab4583f7a1b28bb1248466af33ea2d2ffe44d25fdc6db86ba5d
SHA3-384 hash: ca6ae90baf33dc071b3cce06465d512d26b8410007a7e6e0ee1325ce478b22d34fb899614ce0bfa96d1c4ed6d010d9cf
SHA1 hash: 2250bcda2a259caaf6a42bd576bae257e490748c
MD5 hash: ea7de6cfc8ba2ff9c0220c1906f131d8
humanhash: chicken-south-mike-utah
File name: Shipping Documents_2998-0029-28833-92883.zip
Signature: AgentTesla
File size: 442'152 bytes
First seen: 2020-05-14 07:09:10 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:xKP9FBxBsWgdRmd3B+6vK1yIwRLxuQPxWWTnA9:MrgDWR5SQDs9
TLSH: 1D94238F1E6E5AFDE044B0AE58F6796A0DD5A199D4B9AC75C1830E636E0F274433DC04
Reporter: abuse_ch
Tags: AgentTesla DHL zip


abuse_ch
Malspam distributing AgentTesla:

HELO: server.macartajans.com
Sending IP: 89.252.130.69
From: ASIA_DHL | Express Shipping <DHLEXPRESS.BILLINGID@dhl.com>
Reply-To: DHL <customerupdat013489@gmail.com>
Subject: Urgent: Shipping Documents
Attachment: Shipping Documents_2998-0029-28833-92883.zip (contains "Shipping Documents_2998-0029-28833-92883.exe")

AgentTesla SMTP exfil server:
mail.acroative.com:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 79
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-14 05:15:16 UTC
File Type: Binary (Archive)
Extracted files: 320
AV detection: 12 of 48 (25.00%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 9792755e2dbb2ab4583f7a1b28bb1248466af33ea2d2ffe44d25fdc6db86ba5d (this sample)

Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
