MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1098b1342dcaea957a0f5327e94f58fba82062b6d7f994b585390d94b042351a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1098b1342dcaea957a0f5327e94f58fba82062b6d7f994b585390d94b042351a
SHA3-384 hash: 17d5c7a569b8f410b4a341404ffd88d42c8daa5cc0413dc504aac9f79d6b020db609727d6eef7fc33760054a42a54cf1
SHA1 hash: ed200e19a686b88ad16797c01c5674a873485d27
MD5 hash: d6eabc3c5beeea562a79c1ad3fd1c9f6
humanhash: muppet-alpha-georgia-wisconsin
File name:DHL DOCUMENTS.ace
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'135'544 bytes
First seen:2020-05-10 07:56:27 UTC
Last seen:Never
File type: ace
MIME type:application/x-rar
ssdeep 24576:Y5KtzR6FumEQqKdWRI+G5Ph80AnxaiJ49r1VoAalkofqvN1iVBqUC:Y5KtzRRmEjKdWR0lhpAnbornETfqvNkA
TLSH 5D3533E16DFAE0D86A7D8936CEF09C0638E29CC749DB9A0B75537D0AE2560F81C4C176
Reporter abuse_ch
Tags:ace AgentTesla DHL


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mail.saxco.com.my
Sending IP: 116.0.120.79
From: DHL Customer Service <Italy@dhl-news.com>
Subject: RE: DHL Pakistan (Pvt.) Ltd Copies of original shipping documents
Attachment: DHL DOCUMENTS.ace (contains "DHL DOCUMENTS.exe")

AgentTesla SMTP exfil server:
mail.tipusurgical.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
79
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Agensla
Create hunting rule
Status:
Malicious
First seen:
2020-05-10 08:35:45 UTC
File Type:
Binary (Archive)
Extracted files:
12
AV detection:
16 of 48 (33.33%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ccmlcnbnzlvjk6qpkmt6st2y7oucayvw274zjnmfhegzjmccguna._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

ace 1098b1342dcaea957a0f5327e94f58fba82062b6d7f994b585390d94b042351a

(this sample)

AgentTesla

Executable exe 6ce36752c7f2bb4f49a610660714c4b8521643d2035e74f08f326307140c598a

  
Dropping
MD5 25b4bc2923b99511b8db3ca2bbc1712b
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 6ce36752c7f2bb4f49a610660714c4b8521643d2035e74f08f326307140c598a

Comments