MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 495b99d474cac0d6a7ea860beedf576532e39c14a074119bc2bcb7b375d65843. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 495b99d474cac0d6a7ea860beedf576532e39c14a074119bc2bcb7b375d65843
SHA3-384 hash: e5c3c1c7272789a41aa91e74f2684c24147529be37d7031f45e6bb959802b658635f5fd821f533addc5441c2cecc2169
SHA1 hash: bda109b9b24e1feb6424fb7502fbe3a4ca3865f9
MD5 hash: 35904e11374b78ddd02a5dc2dc963827
humanhash: winter-seventeen-april-seven
File name:ORIGENAL_DOCUMENT.IMG
Download: download sample
Signature AgentTesla
Create hunting rule
File size:2'162'688 bytes
First seen:2020-04-30 09:26:10 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 24576:b4lavt0LkLL9IMixoEgeac5JQNTGDYBbnR73woFCtvw9Wvyrypq9MmCS:ukwkn9IMHeacXwJBbCKCa9War6aPCS
TLSH F0A5CF0263FD82A7C37E5133BA55B7017E7B782901A1B4FB2FB9053CA9205215E1E66F
Reporter abuse_ch
Tags:AgentTesla DHL img


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mail.beoxies.ga
Sending IP: 94.177.242.23
From: DHL EXPRESS <buhimport@dhl.com>
Subject: Re: DHL Awb : 2447151431 -
Attachment: ORIGENAL_DOCUMENT.IMG (contains "Shipping Document.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
77
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27686.AidExe.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.27684.AidExe.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-04-30 17:52:20 UTC
File Type:
Binary (Archive)
Extracted files:
12
AV detection:
18 of 31 (58.06%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=jfnztvduzlannj7kqyf65x2xmuzohhauub2bdg6cxs33g5owlbbq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

img 495b99d474cac0d6a7ea860beedf576532e39c14a074119bc2bcb7b375d65843

(this sample)

AgentTesla

Executable exe 3aedf2b9413bb9eb0af9daf292e5461a910e182ab9b30debb814f769323a85ff

  
Dropping
MD5 934bd2d965e788a56eec98a00ed6ca7c
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 3aedf2b9413bb9eb0af9daf292e5461a910e182ab9b30debb814f769323a85ff

Comments