MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 dd24038447b24a38c5a46d1affc44551738b042400935429fb2313d60b9c4d43. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: AgentTesla
Vendor detections: 3

SHA256 hash: dd24038447b24a38c5a46d1affc44551738b042400935429fb2313d60b9c4d43
SHA3-384 hash: fd9d998029f8fe1666769e1ae427c654bef2283a44ea2fb1f91c3122e77b1c4b8bffe4c6474f1fde66c4ae42b7f47a29
SHA1 hash: 393bbaecd3ae70249f4069cf3ddcf8452c8f1cbb
MD5 hash: 0dbaebdfb89b5c3f5e9332b454bd8f8d
humanhash: wolfram-echo-early-mars
File name: COSU 6270575380 PCL2004868048.xz
Signature: AgentTesla
File size: 573'447 bytes
First seen: 2020-08-17 09:19:05 UTC
Last seen: Never
File type: xz
MIME type: application/x-rar
ssdeep: 12288:pWG9WXu9Y/+598vUWIALJRY0zmNHFXf8g40KLao0nSVfjZR3:gylx4vU2XY0glYS7mjn3
TLSH: E4C4233A5DA3CC2AF3A5DCB8DFDB9A0B97D561CD208C60E5C0E9A3F6E857AD4B001451
Reporter: abuse_ch
Tags: AgentTesla xz


Comment by abuse_ch:

Malspam distributing AgentTesla:

HELO: dhl.com
Sending IP: 185.222.57.207
From: Leo Zhang (DHL CN) <leo.zhang2@dhl.com>
Subject: RE: JPAR354 PO#PCL2003827927 Shipping Order Num#202036196142
Attachment: COSU 6270575380 PCL2004868048.xz (contains "COSU 6270575380 PCL2004868048.exe")

Intelligence

File Origin
# of uploads: 1
# of downloads: 69
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Backdoor.Remcos
Status: Malicious
First seen: 2020-08-17 05:08:41 UTC
AV detection: 22 of 29 (75.86%)
Threat level: 5/5

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Malspam
Malware family: AgentTesla
Sample: xz dd24038447b24a38c5a46d1affc44551738b042400935429fb2313d60b9c4d43 (this sample)

Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment

Comments