MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 88c9f4d0ea0906db9123331288e6daf5e039455993857d2712cfb5581d19600b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 88c9f4d0ea0906db9123331288e6daf5e039455993857d2712cfb5581d19600b
SHA3-384 hash: 951e36e39187ced861b15554538590fbb0fa29240a0efdbfa3b7ade54dce8881541e28272bc4c9d9db19fbb74d7bc81d
SHA1 hash: 9f83d7a8a1a35ebe22ce99605a01efe15d8a5a71
MD5 hash: f986dd6bfdc7facc16dd3f59b96b3c38
humanhash: hawaii-spring-michigan-hotel
File name:DHL_AWB-Document.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:361'448 bytes
First seen:2020-06-25 17:51:06 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:5dRqQW2gUSEdWY5g/3IMCUaR1x+PwKO5wBsiXA11gxxYURDQtZfqpC+:5dzr9W2g/76APM5sxyO7lDOypt
TLSH 11742371E0093FDBAF2A1A9BD87BF4DE934C0796088F2595AC172DBA304D7669347221
Reporter abuse_ch
Tags:AgentTesla DHL zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: petrit.best
Sending IP: 104.129.0.123
From: DHL Express <office@dhl.com>
Subject: AWB:Shipment Document BL,INV and packing list to redacted@threatwave.com
Attachment: DHL_AWB-Document.zip (contains "DHL_AWB-Document.exe")

AgentTesla SMTP exfil server:
mail.daiphatfood.com.vn:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
78
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.FakeAlert.6884.5793.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/88c9f4d0ea0906db9123331288e6daf5e039455993857d2712cfb5581d19600b/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2020-06-25 17:53:04 UTC
AV detection:
5 of 48 (10.42%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=rde7juhkbednxejdgmjirzw26xqdsrkzsocx2jysz62vqhizmafq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 88c9f4d0ea0906db9123331288e6daf5e039455993857d2712cfb5581d19600b

(this sample)

AgentTesla

Executable exe 7bfef06a2f15aed4eac113ed1f95d62d9734fd8ae39aa841b8e66e6e43699266

  
Dropping
MD5 b084b35789934e06f9e4e45b340e94f8
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 7bfef06a2f15aed4eac113ed1f95d62d9734fd8ae39aa841b8e66e6e43699266

Comments