MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 084674c6f02d11b31a4ffda1c04753f315023c1d7ddc9f9c79549e6529a2138b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 084674c6f02d11b31a4ffda1c04753f315023c1d7ddc9f9c79549e6529a2138b
SHA3-384 hash: 45e8cb48d9744196116a20be87e7c79ddca86adbfb3edc7b890b89bca4792aca1b1e9e4713e298a7842a82184233ba5b
SHA1 hash: ea850cc4cb7d21cd8a4eb52fb7fff2ad97e61369
MD5 hash: 3b2533d2289fb6043a04a02b2e3d793b
humanhash: march-cup-mountain-sierra
File name:Shipment Airway Bill_pdf.gz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:527'316 bytes
First seen:2020-04-29 18:45:35 UTC
Last seen:Never
File type: gz
MIME type:application/gzip
ssdeep 12288:3UNMg7oiuArjByw8egLZOBWmwl7Gv3fnRjxVChdXgIXy4Nr:3kMMoi9jBT83Z0WnBSVChdNX3r
TLSH 4CB423F93BA97AD0272EC922B098DA599361B1485041F4CF787F20960BB7D986F77D03
Reporter abuse_ch
Tags:AgentTesla DHL gz


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mail.vinylbannersprinting.co.uk
Sending IP: 217.174.249.10
From: DHL EXPRESS <worldwide@dhl.com>
Subject: DHL Express shipment per-alert!!
Attachment: Shipment Airway Bill_pdf.gz (contains "Shipment Airway Bill_pdf.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
75
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

Sanesecurity.Malware.27383.GZipHeur.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-04-29 06:25:17 UTC
File Type:
Binary (Archive)
Extracted files:
39
AV detection:
24 of 31 (77.42%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=bbdhjrxqfui3ggsp7wq4ar2t6mkqepa5pxoj7hdzkspgkknccofq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz 084674c6f02d11b31a4ffda1c04753f315023c1d7ddc9f9c79549e6529a2138b

(this sample)

AgentTesla

Executable exe aa7e5f5cdac31f2c3ab01943698aa99fab250a26962d6b39f72523bb9d3127e1

  
Dropping
MD5 6d08476968a7902f15756dbc6035fd0a
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 aa7e5f5cdac31f2c3ab01943698aa99fab250a26962d6b39f72523bb9d3127e1

Comments