MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f640c3066c24a32a061f6ab6581ff0ea48a33fb26a59101447754e9d5a47f394. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 3

SHA256 hash: f640c3066c24a32a061f6ab6581ff0ea48a33fb26a59101447754e9d5a47f394
SHA3-384 hash: ee7a3c3ce2c4cd34c7a9b86a4f0dee1d8b438029ba1aba0c7900d18cafecc382a6b19e7fbddba291b2153ef2b1db22f6
SHA1 hash: b9c3921a597f79145b8478e4ed319f12ff9a6c8d
MD5 hash: 1dfaa994f4aa64ac8c3115ac6bbdbc36
humanhash: potato-neptune-fruit-nine
File name: dhl_doc7348255141.ace
Download: download sample
Signature: AgentTesla
File size: 393'965 bytes
First seen: 2020-06-29 17:54:06 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:erCgLzd3mhMu5aXI7D641BR1akzQRu9Mc:eWg13c5a47D6qBR1LzQ8Mc
TLSH: 978423983DE76D11D0D4D5177E9DAA4E370BD49A031182BD862BE6C83C49BEC46F8B8C
Reporter: abuse_ch
Tags: ace AgentTesla DHL


abuse_ch
Malspam distributing AgentTesla:

HELO: no.nonrepostsapi.live
Sending IP: 45.95.171.125
From: DHL Express Support <no_reply@dhl.com>
Subject: DHL Shipment Notification : 7348255141
Attachment: dhl_doc7348255141.ace (contains "dhl_doc7348255141.exe")

AgentTesla SMTP exfil server:
smtp.waltartosto.com:587

Intelligence

File Origin
# of uploads: 1
# of downloads: 67
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-06-29 17:56:05 UTC
AV detection: 19 of 48 (39.58%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: AgentTesla
  zip f640c3066c24a32a061f6ab6581ff0ea48a33fb26a59101447754e9d5a47f394 (this sample)
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment

Comments