MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 62b036459805847a92f540a5c9a3f0858b39255b7308a8ef8fb9bfb9fdba1c6c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 3

SHA256 hash: 62b036459805847a92f540a5c9a3f0858b39255b7308a8ef8fb9bfb9fdba1c6c
SHA3-384 hash: 8b24f2afa4a063cf960b99972cbce2579500d4df0ef6b1552ee40ad09e129899af39091971c530ba0405d03d8380ea99
SHA1 hash: 74ed9b8e3ccc9a27c1e595eb27516100fa276323
MD5 hash: b5bf3b60ce64e555b2ff1aca62b76d5f
humanhash: seven-nitrogen-virginia-april
File name: DHL Shipping Documents.z
Signature: AgentTesla
File size: 552'526 bytes
First seen: 2020-08-18 08:51:37 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:to3ha+hXTdWTXL1CXctFU8oPqRKfwTMuibVZ5hQ0684N7JjJ43Cbh:to8+hXTdWT7oXctFULqRKoTg96Z5BG3u
TLSH: 4DC423860152873FD789761466DACE8378538378DED7E39EBC7918CF428AA91C2C0D27
Reporter: abuse_ch
Tags: AgentTesla DHL z


abuse_ch
Malspam distributing AgentTesla:

HELO: vps03.bsolus.pt
Sending IP: 80.172.253.75
From: DHL International <Florin.Anghel@dhl.com>
Subject: Re: Your Shipment invoice & packing-list
Attachment: DHL Shipping Documents.z (contains "DHL Shipping Documents.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 64
Origin country: n/a

Vendor Threat Intelligence

Threat name: ByteCode-MSIL.Hacktool.Mimikatz
Status: Malicious
First seen: 2020-08-18 08:53:04 UTC
AV detection: 18 of 48 (37.50%)
Threat level: 1/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
AgentTesla
zip 62b036459805847a92f540a5c9a3f0858b39255b7308a8ef8fb9bfb9fdba1c6c (this sample)
Dropping AgentTesla
Delivery method: Distributed via e-mail attachment

Comments