MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e41771d5b782ec424ed4aadc2491a6cffa0789e76ffe57520a9a8e3d5f795e87. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e41771d5b782ec424ed4aadc2491a6cffa0789e76ffe57520a9a8e3d5f795e87
SHA3-384 hash: 846a4e5dc6f83cfcd38e0368049d3dbc5c96563a60120b8792d317ddd697284ef2dcc4f58c9432b2171e1bc9c373ee30
SHA1 hash: 702f1fba0c0c280d884c1058098acba1e2c275c1
MD5 hash: f93de7f149c7a0979571e8afefaa563a
humanhash: social-december-april-tennis
File name:Delivery Note - AWD 200038485852- 2349203968876.gz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'075'909 bytes
First seen:2020-06-08 07:19:22 UTC
Last seen:Never
File type: gz
MIME type:application/gzip
ssdeep 24576:Lhn4TQ2u0DKBhckjA+rSOqkVll1ycKPZrtO6h3Fifx:Lhn4E2uVBmkRZzry1ZHifx
TLSH 8435335394D077DDDC5287DBF43B3BD51CE8DB90906B0AA28E0FB266B09E2577084B98
Reporter abuse_ch
Tags:AgentTesla DHL gz


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: ecommercen1.advisable.gr
Sending IP: 116.202.189.75
From: DHL Express <katewright_dhl@gmail.com>
Subject: DHL Failed Delivery Notification
Attachment: Delivery Note - AWD 200038485852- 2349203968876.gz (contains "Delivery Note - AWD 200038485852- 2349203968876.exe")

AgentTesla FTP exfil server:
ftp.irregnancised.com:21

Intelligence

File Origin
# of uploads :
1
# of downloads :
55
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27686.AidExe.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.PSW.Agent.BORA.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.AitInject
Create hunting rule
Status:
Malicious
First seen:
2020-06-08 07:21:05 UTC
AV detection:
33 of 48 (68.75%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=4qlxdvnxqlweetwuvlocjengz75apcphn77fouqktkhd2x3zl2dq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz e41771d5b782ec424ed4aadc2491a6cffa0789e76ffe57520a9a8e3d5f795e87

(this sample)

AgentTesla

Executable exe d93d5ecf154e81512af229f5162805ae2f90b4f53b507511de99723376b861ef

  
Dropping
MD5 50659bba394e85b764147c919f1f1725
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 d93d5ecf154e81512af229f5162805ae2f90b4f53b507511de99723376b861ef

Comments