MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8709321ee41c1a26c00c565c2cc32991bb137af35bc54636d31f305f9c63c9b3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8709321ee41c1a26c00c565c2cc32991bb137af35bc54636d31f305f9c63c9b3
SHA3-384 hash: a10fc4a0131f9f1cad263be6d7b978fd85bbbbeb3d782e386f0818ff475f8924fac220778158ff75ef22e33efb612c71
SHA1 hash: 92f33602ec2abacc6129ed6877f52ddb242dbbc2
MD5 hash: bef92156cd8294de1c7b308f4c0e1c1b
humanhash: iowa-monkey-south-chicken
File name:DHL_FORM-02257PDF.7z
Download: download sample
Signature AgentTesla
Create hunting rule
File size:311'324 bytes
First seen:2020-07-13 11:37:35 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:vWd+tT6NEnu+AKEDKjReOW8itTuenyMtZBCK/+rzQ+AJ9PDm:OstGNiu+VvN3iFoeZBfqx6Py
TLSH DD6423A7684A7AD550DAC1377897648CECCC3578A5291F09674EF2C1FF8A0673227F81
Reporter abuse_ch
Tags:7z AgentTesla DHL


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: mail.origine.cz
Sending IP: 81.2.216.97
From: DHL Express Delivery <Meltem.Vreskala@dhl.com>
Reply-To: worldnetofficemailer@gmail.com
Subject: DHL_AWB_DL-02257PDF
Attachment: DHL_FORM-02257PDF.7z (contains "Order_02257PDF.exe")

AgentTesla FTP exfil server:
ftp.dveshop.ro:21

Intelligence

File Origin
# of uploads :
1
# of downloads :
70
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.22887.ZipHeur.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8709321ee41c1a26c00c565c2cc32991bb137af35bc54636d31f305f9c63c9b3/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-07-13 11:39:04 UTC
AV detection:
20 of 29 (68.97%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=q4etehxedqncnqamkzoczqzjsg5rg6xtlpcumnwtd4yf7hddzgzq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 8709321ee41c1a26c00c565c2cc32991bb137af35bc54636d31f305f9c63c9b3

(this sample)

AgentTesla

Executable exe c28900c5d2b84c527a1d1ca867faac1fa8ac195d6a1df64b1f5e2607db77b774

  
Dropping
MD5 caf43e6088bea3ee2a92e7b4061663dc
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 c28900c5d2b84c527a1d1ca867faac1fa8ac195d6a1df64b1f5e2607db77b774

Comments