MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 99a404f160b08ad1056fb02be1dfafb36fc8a5bfd386f647e6d248f7d4a9efcd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 99a404f160b08ad1056fb02be1dfafb36fc8a5bfd386f647e6d248f7d4a9efcd
SHA3-384 hash: 9ed0d206722307ac92db21062b147f981cfe3400b747c1c64bf2e583f0be7fb22a61296aaf2c8d23da949dac7a93aa2e
SHA1 hash: fd23bee06e2a9e207003e52a2b922f57757a4ce3
MD5 hash: 2b50193bc2c988d7f245f6c5389d682b
humanhash: fifteen-stairway-happy-steak
File name:dhl_23072020_AWB23072020_INV009_99_27787.img
Download: download sample
Signature AgentTesla
Create hunting rule
File size:798'720 bytes
First seen:2020-07-29 07:40:03 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 12288:uRXtpnVH9Az44BnvOCDhzcl0UdKndi2bnXqVaTp9UwkU3zjMeb6Kl3YQJ+:ufd8z4byilBdlGXEaTpvhzjMy8
TLSH D5059E66B2E14833D1672E789C1B97649B3ABE102B3859C72FEC1C4C5F396C13876297
Reporter abuse_ch
Tags:AgentTesla DHL img


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: server.macartajans.com
Sending IP: 89.252.130.69
From: DHL | Express Shipping <DHLEXPRESS.BILLINGID@dhl.com>
Subject: Urgent: Shipping Documents (FINAL WARNING)
Attachment: dhl_23072020_AWB23072020_INV009_99_27787.img (contains "dhl_23072020_AWB23072020_INV009_99_27787.exe")

AgentTesla SMTP exfil server:
smtp.knmbz.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
57
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

SecuriteInfo.com.Trojan.PWS.Stealer.19347.10936.15784.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/99a404f160b08ad1056fb02be1dfafb36fc8a5bfd386f647e6d248f7d4a9efcd/
Threat name:
Win32.Trojan.DataStealer
Create hunting rule
Status:
Malicious
First seen:
2020-07-29 07:41:06 UTC
AV detection:
15 of 29 (51.72%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=tgsaj4lawcfncblpwav6dx5pwnx4rjn72odpmr7g2jeppvfj57gq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

img 99a404f160b08ad1056fb02be1dfafb36fc8a5bfd386f647e6d248f7d4a9efcd

(this sample)

AgentTesla

Executable exe c440a72dafbe500ae677f83d99ab1b342ef6393b2ee2ae5f55cfd95b1218622d

  
Dropping
MD5 475db3a6d4e97a15e19d68651b996123
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 c440a72dafbe500ae677f83d99ab1b342ef6393b2ee2ae5f55cfd95b1218622d

Comments