MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1455ecd726c5be475fbd04cfa9262a0eab1e66f5cee072390a21ca0196290cf3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 3



SHA256 hash: 1455ecd726c5be475fbd04cfa9262a0eab1e66f5cee072390a21ca0196290cf3
SHA3-384 hash: b1ca94811eb7a6353afa9364d0e4f7e22360323fa46666929b1231a566a384e29025fe15662de5f0a291898dc63f8108
SHA1 hash: a8b8713c1501dbbde8135e84b640df0b32405cab
MD5 hash: 03847ddb9117c8926879e316552af09c
humanhash: hydrogen-mango-fifteen-nuts
File name: DHL Shipping Docs_pdf.r00
Signature: AgentTesla
File size: 502'278 bytes
First seen: 2020-08-10 09:33:27 UTC
Last seen: Never
File type: r00
MIME type: application/x-rar
ssdeep: 12288:r58JVMrLrNOU9br8pXrEPFctaD5dbfJgi2bfYOB42i0+:r59rH8/beKadJ6sW4v
TLSH: 15B4239B79561BFEA8B234D747EEB2EDC151689AF4C12A7CBE14C1FC806CA1A0C4F414
Reporter: abuse_ch
Tags: AgentTesla DHL r00


abuse_ch
Malspam distributing AgentTesla:

HELO: qp0.216.laminopo.ml
Sending IP: 159.89.163.152
From: DHL EXPRESS <customerservice@dhl.com>
Subject: DHL NOTIFICATION: You Have A Package With Us
Attachment: DHL Shipping Docs_pdf.r00 (contains "DHL Shipping Docs_pdf.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 60
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-08-10 09:35:06 UTC
AV detection: 20 of 29 (68.97%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

r00 1455ecd726c5be475fbd04cfa9262a0eab1e66f5cee072390a21ca0196290cf3 (this sample)

  
Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
