MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1758585455553ddd83a8fca9e503873f493f31b79a0aaf14aa11ea97a659cf71. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 1758585455553ddd83a8fca9e503873f493f31b79a0aaf14aa11ea97a659cf71
SHA3-384 hash: f0828a088570788e21e52ef5ce34469aa6e81452f10e7ade2a62266905fc72777cbab8c9ba658c5d36a3a1b797e62a1a
SHA1 hash: 9334f7b34792b4fad16a42063a8951afd72a5d40
MD5 hash: 3a04ad3a022739bffe8c54ab181cb239
humanhash: oklahoma-cardinal-tennessee-may
File name: Shipping Document PLBL Draft.r00
Signature: AgentTesla
File size: 223'147 bytes
First seen: 2020-06-30 12:09:58 UTC
Last seen: Never
File type: r00
MIME type: application/x-rar
ssdeep: 6144:CxU5+cQFFvPuDY1EkZD2qowzAH1eR/Tk10:WvjvPufkZD2jVH1K1
TLSH: C52423A5331800E1AD2C936296ACB5F64BF7E231D68DCF09C7C73B9E25E92541D7A01E
Reporter: @abuse_ch
Tags: AgentTesla r00 TNT


Twitter
@abuse_ch
Malspam distributing AgentTesla:

HELO: cloudhost-433832.uk-south-2.nxcli.net
Sending IP: 165.84.219.136
From: TNT EXPRESS <service@tnt.com>
Subject: Consignment Notification: You have A Package With Us
Attachment: Shipping Document PLBL Draft.r00 (contains "Shipping Document PL&BL Draft.exe")

AgentTesla SMTP exfil server:
mail.flood-protection.org:587
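The indicators in the tweet above (a hosting-provider HELO host behind a TNT sender address, a .r00 archive carrying an .exe) are the kind a mail gateway can check mechanically before a sample ever reaches MalwareBazaar. The script below is an added example written for this page, not code from MalwareBazaar or abuse.ch. The message fields are taken from the tweet; the attachment bytes are a constructed stand-in (a RAR 4.x signature followed by an entry name), not the content of the real sample, which the page does not carry. The entry-name scan is a heuristic: RAR stores entry names in cleartext in its file headers unless header encryption is used, so a string scan over the raw bytes surfaces a nested executable without unpacking; it will miss names in header-encrypted archives. The two-label "registered domain" comparison is a crude stand-in for a public-suffix lookup.

```python
"""Triage of a malspam message against the indicators published above.

Added example, not MalwareBazaar code. SAMPLE_MESSAGE holds the fields from
the tweet; SAMPLE_ATTACHMENT is a constructed stand-in (RAR4 signature plus an
entry name), NOT the real bytes of the sample in this entry.
"""
import hashlib
import json
import re
from email.utils import parseaddr

# Signatures of RAR archives: RAR 4.x and RAR 5 (the 5.x one is one byte longer).
RAR4_SIG = b"Rar!\x1a\x07\x00"
RAR5_SIG = b"Rar!\x1a\x07\x01\x00"

# Constructed stand-in for the attachment (not the sample's real bytes).
SAMPLE_ATTACHMENT = (
    RAR4_SIG
    + b"\x00" * 12
    + b"Shipping Document PL&BL Draft.exe"
    + b"\x00" * 8
)

# Message fields as published in the tweet; the attachment bytes are ours.
SAMPLE_MESSAGE = {
    "helo": "cloudhost-433832.uk-south-2.nxcli.net",
    "sending_ip": "165.84.219.136",
    "from": "TNT EXPRESS <service@tnt.com>",
    "subject": "Consignment Notification: You have A Package With Us",
    "attachment_name": "Shipping Document PLBL Draft.r00",
    "attachment_data": SAMPLE_ATTACHMENT,
}


def is_rar(data: bytes) -> bool:
    """True if the content starts with a RAR 4.x or RAR 5 signature."""
    return data.startswith(RAR4_SIG) or data.startswith(RAR5_SIG)


def executable_names_in_archive(data: bytes) -> list[str]:
    """Heuristic: entry names sit in cleartext in RAR file headers (unless the
    archive uses header encryption), so a scan of the raw bytes for printable
    runs ending in an executable extension finds nested executables without
    unpacking. Names in header-encrypted archives are not visible this way."""
    pattern = rb"[ -~]{1,255}\.(?:exe|scr|pif|com|bat|cmd|js|vbs)(?![ -~])"
    return [m.decode("latin-1") for m in re.findall(pattern, data, re.IGNORECASE)]


def registered_domain(hostname: str) -> str:
    """Last two labels of a hostname; crude stand-in for a public-suffix lookup."""
    labels = hostname.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def helo_from_mismatch(helo: str, from_header: str) -> bool:
    """The HELO host belongs to a different organisation than the From domain."""
    _, addr = parseaddr(from_header)
    from_domain = addr.rsplit("@", 1)[-1]
    return registered_domain(helo) != registered_domain(from_domain)


def triage(msg: dict) -> dict:
    """Collect reasons to hold the message and the sha256 for a hash lookup."""
    data = msg["attachment_data"]
    name = msg["attachment_name"]
    ext = name.rsplit(".", 1)[-1].lower()
    reasons = []
    if helo_from_mismatch(msg["helo"], msg["from"]):
        reasons.append("HELO host and From domain belong to different organisations")
    # Split-volume names (.r00, .r01, ...) open in most archivers but slip past
    # attachment filters that only key on .rar/.zip.
    if is_rar(data) and re.fullmatch(r"r\d{2}", ext):
        reasons.append(f"RAR content delivered under split-volume extension .{ext}")
    nested = executable_names_in_archive(data)
    if nested:
        reasons.append("archive contains executable(s): " + ", ".join(nested))
    return {
        # The hash to look up in MalwareBazaar / VirusTotal for the attachment.
        "sha256": hashlib.sha256(data).hexdigest(),
        "verdict": "hold" if nested else "deliver",
        "reasons": reasons,
    }


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_MESSAGE), indent=2))
```

Run stand-alone it prints the verdict, the three reasons and the sha256 of the constructed attachment; against a real message the sha256 is the value to query in MalwareBazaar, and the HELO check should be treated as one signal among several, since legitimate senders also relay through providers' hostnames.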

Intelligence


Mail intelligence
Trap location: Global
Impact: High
# of uploads: 1
# of downloads: 23
Origin country: US

ClamAV: No detection

CERT.PL MWDB
Detection: n/a
Link: https://mwdb.cert.pl/sample/1758585455553ddd83a8fca9e503873f493f31b79a0aaf14aa11ea97a659cf71/

ReversingLabs
Status: Malicious
Threat name: ByteCode-MSIL.Trojan.Agensla
First seen: 2020-06-30 12:11:08 UTC
AV detection: 11 of 31 (35.48%)
Threat level: 2/5

Spamhaus Hash Blocklist: Malicious file
VirusTotal: 25.81%

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  AgentTesla
    r00 1758585455553ddd83a8fca9e503873f493f31b79a0aaf14aa11ea97a659cf71 (this sample)
      Dropping: AgentTesla

Delivery method: Distributed via e-mail attachment

Comments