MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b0619fc14411e63fedfceb0d9d18c84907cef9a23caa4aebcaa038121d1b4c5d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b0619fc14411e63fedfceb0d9d18c84907cef9a23caa4aebcaa038121d1b4c5d
SHA3-384 hash: 92e8a581323fdf0466a4324a6fe46af2cf8193369daf657fdaa6f0503cdf726afe32c9114972cffe5dad71501f7e0f87
SHA1 hash: 3c046215ff4d46ef941d06871fd6ad6f02f47b5a
MD5 hash: d6f2502047ddcefe1e56caa2ada0b12b
humanhash: alaska-whiskey-orange-grey
File name:DHL EXPRESS 564564645.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'330'184 bytes
First seen:2020-05-04 21:38:52 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 24576:fPQwgWrQ9ALnLQ/8l/J1SMqhEuaJ6Iv19ZbSILScBTITvShrNx2/VcsuRlgYy1Pl:XPrQWLkO/dMy6IjZbSsTWvSXxsCsuRlw
TLSH 50553365E48F1F6DEA69F23B53164B9E200C5BCDF6841C6726AC01D2E9C749CBF8CA10
Reporter abuse_ch
Tags:AgentTesla DHL zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: 105132prem.dedicados.cl
Sending IP: 201.148.105.132
From: DHL Express <no_reply@dhl.com>
Subject: SHIPMENT ARRIVALS AND BILL OF LANDING
Attachment: DHL EXPRESS 564564645.zip (contains "DHL EXPRESS 564564645.exe")

AgentTesla SMTP exfil server:
smtp.erkonsentre.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
84
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27686.AidExe.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.27684.AidExe.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.PSW.Agent.BORA.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Script-AutoIt.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-04 22:36:39 UTC
File Type:
Binary (Archive)
Extracted files:
27
AV detection:
26 of 48 (54.17%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=wbqz7qkechtd73p45mgz2ggijed456nchsvev26kua4behi3jroq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip b0619fc14411e63fedfceb0d9d18c84907cef9a23caa4aebcaa038121d1b4c5d

(this sample)

AgentTesla

Executable exe 154ea556ce6600e41c2431e3fea513ab71c322589d02a35d4c84cb761191992e

  
Dropping
MD5 255a71aa252be5a5ba351375fb4aa1b4
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 154ea556ce6600e41c2431e3fea513ab71c322589d02a35d4c84cb761191992e

Comments