MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 dd23dc4a5bd9bbd785fdc8dcf0968bfa5641af5720aa58f3575d2630ad5aa918. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: dd23dc4a5bd9bbd785fdc8dcf0968bfa5641af5720aa58f3575d2630ad5aa918
SHA3-384 hash: 59c91d0a25e75148ac824629e89380976881479e57b009812d7427d6cbc69bd0bf2189778d11b9733d6eabcd74cfdba0
SHA1 hash: 944797f4d9b7b564a58451da89124f77106b2d30
MD5 hash: acc053302cd34f17bc5ffe4836fb9727
humanhash: massachusetts-lithium-solar-harry
File name:Deliver Note- AWD 20008766543-543939939223232.gz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'041'497 bytes
First seen:2020-05-12 15:10:59 UTC
Last seen:Never
File type: gz
MIME type:application/gzip
ssdeep 24576:vihVKaPb3uS9VcSY/xzhfIaDwk3ZTgFoDsTGZtCl5:oF3uSL4/xtfJwk3tgCs0ol5
TLSH EA25333EF6A101A3AC85C6D992EDD20D33F897776440C960F4D79AA2D5A4B234B4B0FD
Reporter abuse_ch
Tags:AgentTesla DHL gz


Avatar
abuse_ch
Malspam distributing AgentTesla:

From: DHL Express <katewright_dhl@gmail.com>
Subject: Failed DHL Delivery Notification
Attachment: Deliver Note- AWD 20008766543-543939939223232.gz (contains "Deliver Note- AWD 20008766543-543939939223232.exe")

AgentTesla FTP exfil server:
66.45.232.205:21

Intelligence

File Origin
# of uploads :
1
# of downloads :
76
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27686.AidExe.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.PSW.Agent.BORA.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-12 15:36:07 UTC
AV detection:
21 of 48 (43.75%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=3ur5yss33g55pbp5zdopbful7jledl2xecvfr42xlutdblk2vema._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz dd23dc4a5bd9bbd785fdc8dcf0968bfa5641af5720aa58f3575d2630ad5aa918

(this sample)

AgentTesla

Executable exe fa029f3f149b2c256dd41171fad7844d28eacc04e2c26eaddc7de608824f1910

  
Dropping
MD5 6fa946c6b457f2cee6ebe13fbfa54e85
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 fa029f3f149b2c256dd41171fad7844d28eacc04e2c26eaddc7de608824f1910

Comments