MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bba48fe2591d8ac350eb5a66a9946f11d283e9651b00882ed29492f748d4f8cf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: bba48fe2591d8ac350eb5a66a9946f11d283e9651b00882ed29492f748d4f8cf
SHA3-384 hash: a9b5f548b98648fcd86adbb9af97546e00491951cb42d0937688d4e2d77e04773db4a6aefe703d142eab20e21006b6c2
SHA1 hash: f548e35ef8821946e82e201f9b6822c78a9c64f9
MD5 hash: 3d4332e2b380b40fbe5ed011013d900b
humanhash: magazine-shade-hydrogen-mexico
File name:DHL_AWB.pdf.gz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:451'937 bytes
First seen:2020-05-06 08:34:47 UTC
Last seen:Never
File type: gz
MIME type:application/gzip
ssdeep 12288:WzlcGDvIdGZqLg1ko2QsA4Ih/QKWRn/J6:WzDv9ZqLiH2NAXh2n/J6
TLSH 9DA4233AD9AE63F5495F621E0919D0DC7A96C2FC81CBB21E5726BF200F31E734502A4E
Reporter abuse_ch
Tags:AgentTesla DHL gz


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: pkz21-3-spamexpert1.hoster.kz
Sending IP: 185.113.132.140
From: DHL EXPRESS <support@dhl.com>
Subject: DHL ONLINE SHIPPING PARCEL NOTIFICATION / TRACKING
Attachment: DHL_AWB.pdf.gz (contains "DHL_AWB.pdf.exe")

AgentTesla SMTP exfil server:
smtp.znshenesolar.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
83
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Packer.BorlandDelphi-1
Create hunting rule

PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

SecuriteInfo.com.Trojan.Nanocore.23.31273.12919.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.27281.GZipHeur.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-06 12:12:42 UTC
File Type:
Binary (Archive)
Extracted files:
41
AV detection:
31 of 48 (64.58%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=xosi7yszdwfmguhlljtktfdpchjih2lfdmaiqlwsssjposgu7dhq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz bba48fe2591d8ac350eb5a66a9946f11d283e9651b00882ed29492f748d4f8cf

(this sample)

AgentTesla

Executable exe 9fcdf8b68c9687eb79d7aa2f6abe0541de24b65ac359c1fbb747c49d450b36c6

  
Dropping
MD5 a6cf343a7d9a8aca878067fbb39bf67b
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 9fcdf8b68c9687eb79d7aa2f6abe0541de24b65ac359c1fbb747c49d450b36c6

Comments