MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b00b58a85311cbe71c5f65cf44c5fcf19429b43351317832e03ff0a62b8ed5ad. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 4



SHA256 hash: b00b58a85311cbe71c5f65cf44c5fcf19429b43351317832e03ff0a62b8ed5ad
SHA3-384 hash: 4852a6cc8c0bcf71b8d7090db5b67b359ac9476d7b4e7ededb3d09a2e64cb4a3d192b0b26fd90259c9cd90ebba990250
SHA1 hash: 41942ca55fec01e19e901f90f264edef4d122cdd
MD5 hash: aab874db1835b51fb71d2f4195a0e8d2
humanhash: charlie-ink-bacon-glucose
File name: DHL_Delivery Invoice.gz
Signature: AgentTesla
File size: 705'497 bytes
First seen: 2020-08-04 13:38:33 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 12288:0jjFSaI9VyqetGCBdUnEHlgMK2xgpQKHM30Mu62JhNJ1uUyBuQpb:0jjFSaQrb2Hg9bpqkMubYBuC
TLSH: 29E4336E8E0C09239E1E9A310369FB89586ED1730BC338958B5F25FD9A1B93B15C131F
Reporter: abuse_ch
Tags: AgentTesla DHL gz


abuse_ch
Malspam distributing AgentTesla:

HELO: cx0.75.swmianllc.ga
Sending IP: 188.166.241.127
From: DHL Express <75.swmianllc.ga>
Subject: DHL Arrival Notice: WayBill, BL., Packing List & Shipping Documents.
Attachment: DHL_Delivery Invoice.gz (contains "DHL_Delivery Invoice.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 70
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-08-04 13:40:08 UTC
AV detection: 12 of 48 (25.00%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: AgentTesla
gz b00b58a85311cbe71c5f65cf44c5fcf19429b43351317832e03ff0a62b8ed5ad (this sample)
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment

Comments