MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0023225f59a7834283315411278a81187b500db9f04fcebae72c144ba0dd72af. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0023225f59a7834283315411278a81187b500db9f04fcebae72c144ba0dd72af
SHA3-384 hash: 871226849eb54937369fc1c6001942522129d2abaa282583e6faf083a925980c6dc1ea4a1b6049c8f15d0c2e9d66d171
SHA1 hash: 6b3d5f3d7ce2048ba56022e8b9b095dc90beb346
MD5 hash: d14c2858da5c0acd3ae16eed05f891c0
humanhash: idaho-seventeen-glucose-don
File name:DHL_Shipping Documents.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:709'508 bytes
First seen:2020-10-27 06:46:26 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:uu6+ZnPBv3S0x/BfCpMBIFz109JB1DR1vKCYAuL+m6KBXp4nxmAijOj7NQ/32l8R:uuXNPBv3DPfCpqC1q9DR1k3BBKxmAH8Z
TLSH F9E42361BD31516B6AAE193B3C5534A043132ACBB281C755E7B1E2FEF0B1CD563B8E09
Reporter cocaman
Tags:AgentTesla rar


Avatar
cocaman
Malicious email (T1566.001)
From: ""Steve YouHS (DHL CN)"<Steve.YouHS@dhl.com>"
Received: "from dhl.com (unknown [103.99.1.140]) "
Date: "26 Oct 2020 19:37:46 -0700"
Subject: "Urgent Shipment Arrival Notice"
Attachment: "DHL_Shipping Documents.rar"

Intelligence

File Origin
# of uploads :
1
# of downloads :
78
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/0023225f59a7834283315411278a81187b500db9f04fcebae72c144ba0dd72af/
Threat name:
ByteCode-MSIL.Spyware.Negasteal
Create hunting rule
Status:
Malicious
First seen:
2020-10-26 16:38:35 UTC
File Type:
Binary (Archive)
Extracted files:
22
AV detection:
14 of 29 (48.28%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=aarsex2zu6bufazrkqispcubdb5vadnz6bh45oxhfqkexig5okxq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 0023225f59a7834283315411278a81187b500db9f04fcebae72c144ba0dd72af

(this sample)

AgentTesla

Executable exe 08eb7d52f9f2817aa4e6f89628f9d4e4fe9c4f8bfcebf48807de7ad03e8fdbf4

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 08eb7d52f9f2817aa4e6f89628f9d4e4fe9c4f8bfcebf48807de7ad03e8fdbf4
  
Dropping
AgentTesla

Comments