MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f8fadb389277ddda11c44f8f2eabcc5de5da6c02d067e7a1505b6aba3d6ff6bf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f8fadb389277ddda11c44f8f2eabcc5de5da6c02d067e7a1505b6aba3d6ff6bf
SHA3-384 hash: fc6274e49f501d39f5e3771e1de2b5907d5298d6a52a93f14dd5e31053f8b104de22a1016bd1f7e5afce3a31a8205544
SHA1 hash: 19790271657a33f0d1d37c134216f315181726ef
MD5 hash: 8d369cb0879373692cacead79e8dd02a
humanhash: alaska-alabama-nuts-saturn
File name:DHL_Document.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:390'213 bytes
First seen:2020-06-24 06:47:51 UTC
Last seen:2020-06-24 10:35:04 UTC
File type: rar
MIME type:application/x-rar
ssdeep 6144:bdOXamMPm6TNRHtA89i2fyhnGSjw8Gns+XxG6qeiPkEV3lNGSurgladYWV:bQ4mSPt5I2fbSjw8Ms6x/qnkE529XH
TLSH 618423DC26B36E17F1B8B49F3ED440D67DCAE29D0D8043D59BA4A47830D9BE27248899
Reporter abuse_ch
Tags:AgentTesla DHL rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: dhl.com
Sending IP: 103.99.1.145
From: DHL Express<dhlsender@dhl.com>
Subject: RE: Shipment Arrival Notice
Attachment: DHL_Document.rar (contains "DHL_Document.exe")

AgentTesla SMTP exfil server:
mail.aquariuslogistics.com:587

AgentTesla SMTP exfil email address:
ajay@aquariuslogistics.com

Intelligence

File Origin
# of uploads :
2
# of downloads :
75
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f8fadb389277ddda11c44f8f2eabcc5de5da6c02d067e7a1505b6aba3d6ff6bf/
Threat name:
Win32.Trojan.Bluteal
Create hunting rule
Status:
Malicious
First seen:
2020-06-24 06:49:03 UTC
AV detection:
15 of 29 (51.72%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=7d5nwoeso7o5ueoej6hs5k6mlxs5u3ac2bt6pikqlnvluplp627q._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar f8fadb389277ddda11c44f8f2eabcc5de5da6c02d067e7a1505b6aba3d6ff6bf

(this sample)

AgentTesla

Executable exe 1fa1363c857cc46f603a4eff38b86058b80ecca1f554c65e943f94725b5c2570

  
Dropping
MD5 615bf96891a61c261995f100b65f5097
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 1fa1363c857cc46f603a4eff38b86058b80ecca1f554c65e943f94725b5c2570

Comments