MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 00c683daa732a0f64c8601e5c6ba8e006f84f9ed24180dea224f05c72d27baed. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: AgentTesla
Vendor detections: 3

SHA256 hash: 00c683daa732a0f64c8601e5c6ba8e006f84f9ed24180dea224f05c72d27baed
SHA3-384 hash: 77a2e96031444b4894b1c72f03d94281b7525bd3f46e82f6abde1003583da38f729e409779090f363f4bb3ccc6224770
SHA1 hash: 355d3227ab40ebe67dc191a61a28abfee785593e
MD5 hash: 3e0e01ef963ccba4dfdafaf8a2bd3ea0
humanhash: helium-tennis-ceiling-west
File name: DHL00117353792022PDF.iso
Signature: AgentTesla
File size: 544'768 bytes
First seen: 2020-05-13 07:05:21 UTC
Last seen: 2020-05-13 07:22:30 UTC
File type: iso
MIME type: application/x-iso9660-image
ssdeep: 12288:GGdV4t2s8OHN9EcoHvA7QaEaxNB5JxhqWn5rc:GM4Is8G/EPA7NT5DUWn9
TLSH: 43C412A43D02D84FCE7669B82149C78A87639C87B4B1F58B3EAD7C30A7873D50D507A9
Reporter: abuse_ch
Tags: AgentTesla DHL iso


abuse_ch
Malspam distributing AgentTesla:

HELO: vxado-27.srv.cat
Sending IP: 46.16.58.131
From: DHL Express Delivery <info@dapelixi.com>
Reply-To: worldnetofficemailer@gmail.com
Subject: DB_DHL_AWB_00117353792022
Attachment: DHL00117353792022PDF.iso (contains "DHL00117353792022PDF.exe")

AgentTesla FTP exfil server:
ftp.eden.ro:21

Intelligence

File Origin
# of uploads: 2
# of downloads: 80
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Remcos
Status: Malicious
First seen: 2020-05-13 07:36:36 UTC
File Type: Binary (Archive)
Extracted files: 2
AV detection: 15 of 31 (48.39%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: AgentTesla, iso 00c683daa732a0f64c8601e5c6ba8e006f84f9ed24180dea224f05c72d27baed (this sample)
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
