MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 16000f37090f41ec8a282cb05f6c55def7cdcd1c1d9e971bb648ad77d4952ce9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 16000f37090f41ec8a282cb05f6c55def7cdcd1c1d9e971bb648ad77d4952ce9
SHA3-384 hash: a456e6a92dba6fa54c488f78c07d497740ccd5e5a819d8976ccfd6a1d140cb21827b2b29d568c63791b9d23999c9386e
SHA1 hash: 21400bc84a90218d4e31554611c31b71d0680490
MD5 hash: 9126ac7d92de21742205aa7283ceeeea
humanhash: maryland-massachusetts-two-nuts
File name:AWB - Invoice Shipping Documents.gz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:493'702 bytes
First seen:2020-10-26 10:10:05 UTC
Last seen:Never
File type: gz
MIME type:application/gzip
ssdeep 12288:QwmRY05cFhOxtU1+Lrve7XFMjYJ2ZMRvhLuYM0xFWH1s:QxN5/xtU0fG7XyjYJ/A6Q1s
TLSH E8B423C61010324F557EF4C2F3C843D29E96A14819F90ADD7E38EF6769A025F259BCB9
Reporter abuse_ch
Tags:AgentTesla DHL gz HostGator


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: gateway20.websitewelcome.com
Sending IP: 192.185.67.41
From: DHL EXPRESS SHIPPING <fernandomiranda@faprodmir.com.mx>
Subject: Fwd: AWB - Invoice and Shipping Documents
Attachment: AWB - Invoice Shipping Documents.gz (contains "AWB - Invoice Shipping Documents.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
81
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.PackedNET.424.5911.27084.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/16000f37090f41ec8a282cb05f6c55def7cdcd1c1d9e971bb648ad77d4952ce9/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2020-10-25 23:19:21 UTC
AV detection:
6 of 48 (12.50%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=cyaa6nyjb5a6zcrifsyf63cv33343ti4dwpjog5wjcwxpvevftuq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz 16000f37090f41ec8a282cb05f6c55def7cdcd1c1d9e971bb648ad77d4952ce9

(this sample)

AgentTesla

Executable exe 60c5937025d6f55a67d64ba824bb2ea0ba3aedd9dd949429544aaec829b98410

  
Dropping
MD5 a05db5ec1464c4281e38f2fc90daba7e
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 60c5937025d6f55a67d64ba824bb2ea0ba3aedd9dd949429544aaec829b98410

Comments