MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 aa59b12951e7e285dad55cf0d56518e259b942949499cf2fccf0402398ff4aee. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: AgentTesla
Vendor detections: 3

SHA256 hash: aa59b12951e7e285dad55cf0d56518e259b942949499cf2fccf0402398ff4aee
SHA3-384 hash: 94e7e52533e81feb3fce837b911ccc60c03e1589994ac776b70e0766c7e3b9994ba9cb3c804292808369f5234bc28ace
SHA1 hash: 476db24179de699d18ae10a425b862024ebee077
MD5 hash: 6edbc34b7bf70b8417bb341c4f8693d9
humanhash: robert-utah-tennessee-nineteen
File name: DHL CONSIGNMENT.rar
Signature: AgentTesla
File size: 589'529 bytes
First seen: 2020-05-05 07:44:35 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 12288:UHIovm+ATb/kXRhbwGXtzC0zhlj0ZGVXzJPC6RfEQoj:eIov2/k4Chzhlj0MXVXG
TLSH: 4FC423363B71A6DF59CA51246B26750FB29C8E6DD672C9730E880642F2F0E158C2DEF1
Reporter: abuse_ch
Tags: AgentTesla DHL rar


abuse_ch
Malspam distributing AgentTesla:

HELO: indosat.net.id
Sending IP: 172.93.188.211
From: Dhl Delievery Team <kafedegan@indosat.net.id>
Subject: DHL CONSIGNMENT NOTIFICATION: AWB 3504741553
Attachment: DHL CONSIGNMENT.rar (contains "DHL CONSIGNMENT.exe")

AgentTesla SMTP exfil server:
smtp.anding-tw.com:587

Intelligence

File Origin
# of uploads: 1
# of downloads: 89
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-05-05 08:36:23 UTC
File Type: Binary (Archive)
Extracted files: 2
AV detection: 14 of 31 (45.16%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: AgentTesla
rar aa59b12951e7e285dad55cf0d56518e259b942949499cf2fccf0402398ff4aee (this sample)
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment

Comments