MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5efda6ca4ff5299869fb09fa89b2b521f091a4cd1498284e93c090b654ab6ad0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 2



SHA256 hash: 5efda6ca4ff5299869fb09fa89b2b521f091a4cd1498284e93c090b654ab6ad0
SHA3-384 hash: 1905a25de95e2b15f25e8ef6d98eb8534e0aa6aaed54379847883df9fddd95e3a4e44440cae7b643acebad823e5300d2
SHA1 hash: 604785a21b3cfbe53b109b2f6adfb485d3296783
MD5 hash: f5e149cde74cc32a3eeb9455f215976c
humanhash: shade-solar-twelve-december
File name: Delivery Note AWD-29383737383-3736783833.gz
Signature: AgentTesla
File size: 506'013 bytes
First seen: 2020-07-21 18:39:27 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep 12288:ul4DXX8vERsbvfpPUP2nacUrVF5Z0wwbI3lpV9upi:uUX6ER02unFUrVF5Z0wwbI3l5Oi
TLSH 02B4231145EFCEBF2941043BE9383F95465459A22BCEB9BD210F7F23DAA1E142E39178
Reporter: abuse_ch
Tags: AgentTesla DHL gz


abuse_ch
Malspam distributing AgentTesla:

HELO: server.manisanet.net
Sending IP: 89.252.178.16
From: DHL Express <katewright_dhl@gmail.com>
Subject: Failed DHL Delivery Notification
Attachment: Delivery Note AWD-29383737383-3736783833.gz (contains "Delivery Note AWD-29383737383-3736783833.exe")

AgentTesla FTP exfil server:
ftp.airporations.com:21

Intelligence


File Origin
# of uploads: 1
# of downloads: 72
Origin country: n/a
Vendor Threat Intelligence
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz 5efda6ca4ff5299869fb09fa89b2b521f091a4cd1498284e93c090b654ab6ad0
(this sample)

Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
