MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cc3be9668bd6335c8878a108d657be509dfd6f4277860cbafd2c2632810afd85. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: cc3be9668bd6335c8878a108d657be509dfd6f4277860cbafd2c2632810afd85
SHA3-384 hash: c8eb7a8c2012d34d895c51266fd66d1604a0bc165f7ccd2ade8438bd02944efb562080ebf2addd892e74599f0ec6000e
SHA1 hash: 6491751a162b2988d8db9b3924be7b7a981dc4cf
MD5 hash: 75062d079eed91cbb177c47a0b4085aa
humanhash: florida-early-artist-early
File name:DHl09945.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:221'042 bytes
First seen:2020-06-29 06:31:29 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 3072:IDEmLpRrliD5G30dJK8efa1YMhwLibv6kb1yvaKxIEug0D3/eaSkprrDRR1rp:fORrl8Vdsa1YMhwONByCKGg84kp9Hp
TLSH 8A2412460D21ED5E6B237FA5E3B84D9E89F7D987680D0E90E717A2933E44B1C083B12D
Reporter abuse_ch
Tags:AgentTesla DHL rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: vps6063.nqhost.com
Sending IP: 66.85.131.83
From: DHL EXPRESS<waybill@dhl.com>
Subject: RE: DHL-Overdue Outstanding On- Final Reminder
Attachment: DHl09945.rar (contains "DHl 09945.exe")

AgentTesla SMTP exfil server:
webmail.platinumtransportservices.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
64
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/cc3be9668bd6335c8878a108d657be509dfd6f4277860cbafd2c2632810afd85/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-06-29 06:33:03 UTC
AV detection:
17 of 31 (54.84%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=zq56szul2yzvzcdyueenmv56kco7232co6dazox5fqtdfaik7wcq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar cc3be9668bd6335c8878a108d657be509dfd6f4277860cbafd2c2632810afd85

(this sample)

AgentTesla

Executable exe 1180c43e3a157c4281bb941803b47646935489139498167e6877822744d275c8

  
Dropping
MD5 1c1aedccf191342f7d24fc64f3723668
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 1180c43e3a157c4281bb941803b47646935489139498167e6877822744d275c8

Comments