MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 da25e3a8abd01c0ef1b91f5ec20fd2fc48e146dfdf26a5480d7f276e13b83bd2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3



SHA256 hash: da25e3a8abd01c0ef1b91f5ec20fd2fc48e146dfdf26a5480d7f276e13b83bd2
SHA3-384 hash: 799036540c84a1b652f4bbb1404e0cf22cdcfb7f00c96286d7f06063e646fe14cd184fe117f081b20923782916a39c05
SHA1 hash: 7b7bb44066ba08bbef2a6ccde384f973a21f175b
MD5 hash: fa9caa18ba927f30ac55f7bcefb40df7
humanhash: texas-vegan-ceiling-lima
File name: DOCUMENT AWB-554334567_pdf.rar
Signature: AgentTesla
File size: 343'583 bytes
First seen: 2020-05-13 06:58:14 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 6144:aAhKEWAWlql+xb8uz/6ImrK0azk1RDBp9dD/uH830OTu9XK/0c/9bNWux:JKEWAWAlkIuzyImrKpY1RtPdzE8EO0XQ
TLSH: 2A7423EE3E4689C555F957AF08247F8B384EA5370460A687223D4BF9F783A759CC00CA
Reporter: abuse_ch
Tags: AgentTesla DHL rar


abuse_ch
Malspam distributing AgentTesla:

HELO: 45-138-132-30.derakhshanrah.com
Sending IP: 45.138.132.30
From: DHL EXPRESS <CUSTOMERSERVICE@DHL.COM>
Reply-To: DHL EXPRESS <soomla6384@yahoo.com>
Subject: DHL Shipment Arrival Notification
Attachment: DOCUMENT AWB-554334567_pdf.rar (contains "DOCUMENT AWB-554334567_pdf.exe")

AgentTesla SMTP exfil server:
premium80.web-hosting.com:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 81
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-05-13 07:31:43 UTC
File Type: Binary (Archive)
Extracted files: 2
AV detection: 21 of 48 (43.75%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: AgentTesla

rar da25e3a8abd01c0ef1b91f5ec20fd2fc48e146dfdf26a5480d7f276e13b83bd2 (this sample)
    Dropping: AgentTesla

Delivery method: Distributed via e-mail attachment

Comments