MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b83936d530604db613eb79e6d4dee8117e468101a2fe54cda73905e62be3ce54. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b83936d530604db613eb79e6d4dee8117e468101a2fe54cda73905e62be3ce54
SHA3-384 hash: 1755e28d440e9678e30e34bc981516fde1016c472e0f2a5da17d99243aa207acc06acefd181a42c7a560d64f26f8f486
SHA1 hash: a450b042b5c54d43e1a1adb0aa757c2a555fa489
MD5 hash: aa5db30896e20eb354b9b416a3cb65f1
humanhash: sixteen-mountain-louisiana-dakota
File name:AWB Document_7348255141_pdf.7z
Download: download sample
Signature AgentTesla
Create hunting rule
File size:646'243 bytes
First seen:2020-07-16 06:46:35 UTC
Last seen:Never
File type: 7z
MIME type:application/x-rar
ssdeep 12288:zWrObhuyDo29s477RyexjNxFLU+UJ9oxYsywveuLNs0/Sz9aa5oNnDjK0Z:zWrOW29sK7UelTRUzJ+x2wvPBs+yZoN7
TLSH 86D42398B9714C4B2FFFB236E625705B9F225733B01E7565678B8380D0362EA1486773
Reporter abuse_ch
Tags:7z AgentTesla DHL


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: 45-138-132-30.derakhshanrah.com
Sending IP: 45.138.132.30
From: DHL EXPRESS <CUSTOMERSERVICE@DHL.COM>
Reply-To: DHL EXPRESS <soomla6384@yahoo.com>
Subject: DHL Shipment Notification : 7348255141.
Attachment: AWB Document_7348255141_pdf.7z (contains "AWB Document_7348255141_pdf.exe")

AgentTesla SMTP exfil server:
mail.specialmetal.ir:587

AgentTesla SMTP exfil email address:
info@specialmetal.ir

Intelligence

File Origin
# of uploads :
1
# of downloads :
77
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27382.Rar5Heur.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b83936d530604db613eb79e6d4dee8117e468101a2fe54cda73905e62be3ce54/
Threat name:
Win32.Trojan.Kezdthk
Create hunting rule
Status:
Malicious
First seen:
2020-07-16 06:48:06 UTC
AV detection:
10 of 48 (20.83%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=xa4tnvjqmbg3me7lphtnjxxicf7enaibul7fjtnhhec6mk7dzzka._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

7z b83936d530604db613eb79e6d4dee8117e468101a2fe54cda73905e62be3ce54

(this sample)

AgentTesla

Executable exe eeeac74213c352afda53fd84a4a6cc2e200613a49f02c9b0f0a1fcd4ab0a06cb

  
Dropping
MD5 c4268c0d3af92b7ee7295a777b660dac
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 eeeac74213c352afda53fd84a4a6cc2e200613a49f02c9b0f0a1fcd4ab0a06cb

Comments