MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a5d4dbba2b7294f20a501bab02150d9cb0041783944f5a620d30a875deac94df. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a5d4dbba2b7294f20a501bab02150d9cb0041783944f5a620d30a875deac94df
SHA3-384 hash: bb3ca1adc85fb3fdaadf41c4c56156c4d0232a4c7a01b17de5bd88c9406047492cae7fcacd290178edb346adc2f99115
SHA1 hash: c8d68a756802fd9b1aa0c5e312a425d575659b22
MD5 hash: 51e7df004a78ad5e9a1c1bde1c8d9c13
humanhash: dakota-juliet-seventeen-tango
File name:DHL A8002742088-Contact form.pdf.z
Download: download sample
Signature AgentTesla
Create hunting rule
File size:427'511 bytes
First seen:2020-05-01 11:52:34 UTC
Last seen:Never
File type: z
MIME type:application/x-rar
ssdeep 12288:tIVGaPtmW9K5AouIVAmbIIZR/Zw0TfYNbtk:tIVGEouIVZZR/Zw0TfYNbtk
TLSH D69423CF9D2EE964CF6925B7B1392D410A12F9134A50FB62A35EE22D32F17408C16D9F
Reporter abuse_ch
Tags:AgentTesla DHL z


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: llsc093-a17.servidoresdns.net
Sending IP: 82.223.190.45
From: DHL Express <contabilidad@sumybric.es>
Subject: Reference: GOT / 731104 :: Arrival Notice
Attachment: DHL A8002742088-Contact form.pdf.z (contains "DHL A8002742088-Contact form.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
161
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Agensla
Create hunting rule
Status:
Malicious
First seen:
2020-05-01 12:35:48 UTC
File Type:
Binary (Archive)
Extracted files:
17
AV detection:
17 of 31 (54.84%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=uxknxorlokkpecsqdovqefintsyaif4dsrhvuyqngcuhlxvmstpq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

z a5d4dbba2b7294f20a501bab02150d9cb0041783944f5a620d30a875deac94df

(this sample)

AgentTesla

Executable exe afa01ac749d07add64b68dbeb19d3723fe9a11f9fd5e55deb803949837e3e936

  
Dropping
MD5 b965abb891dfb415ba6f897f16ba8c0c
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 afa01ac749d07add64b68dbeb19d3723fe9a11f9fd5e55deb803949837e3e936

Comments