MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8a5b53a6e1f5a39007cf25fc8a13838b345123546ca8d0360859a70179ff358e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	8a5b53a6e1f5a39007cf25fc8a13838b345123546ca8d0360859a70179ff358e
SHA3-384 hash:	6606a50fb73e3cd443610dfb653dec5854a2a0b6aca9501abcf566ffb398fcd45ade5e1bfd6b98bb4b549c339779c9c7
SHA1 hash:	95556a15083abe285651a8830cd1b81a6dbb395f
MD5 hash:	75c26daec0c1ee7a0c85ac90373352c2
humanhash:	alaska-magnesium-december-skylark
File name:	Dhl 74725794.exe
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	6'162'432 bytes
First seen:	2021-02-23 06:35:04 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'653 x AgentTesla, 19'464 x Formbook, 12'205 x SnakeKeylogger)
ssdeep	98304:vwgYY1kOAjDLM/Df5IAtbJXIe7czCvCHxHcrIHGW3a2LS1l94pVRnOrU:vwY1hAjM/Df5Dtb1hIKrIHGezMspVYrU
Threatray	59 similar samples on MalwareBazaar
TLSH	A3562314B344BBC6E0262D73882F6610A2F9836B6135F64F38DB6EFA1497702415FE5B
Reporter	cocaman
Tags:	AgentTesla exe

cocaman

Malicious email (T1566.001)
From: "DHL Express <5idhl_noreply@dhl.com>" (likely spoofed)
Received: "from [208.123.119.121] (unknown [208.123.119.121]) "
Date: "22 Feb 2021 22:03:54 -0500"
Subject: "Electronic invoice (invoice number: 74725794)"
Attachment: "Dhl 74725794.exe"

Intelligence

File Origin

# of uploads :

1

# of downloads :

78

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/118440/

Result

Verdict:

Malware

Maliciousness:

Behaviour

DNS request

Sending a custom TCP request

Creating a window

Sending a UDP request

Result

Verdict:

SUSPICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result

Threat name:

AgentTesla

Detection:

malicious

Classification:

troj.evad

Score:

72 / 100

Link:

https://www.joesandbox.com/analysis/614833

Signature

Hides that the sample has been downloaded from the Internet (zone.identifier)

Machine Learning detection for sample

Multi AV Scanner detection for submitted file

Yara detected AgentTesla

Yara detected AntiVM_3

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/8a5b53a6e1f5a39007cf25fc8a13838b345123546ca8d0360859a70179ff358e/

Threat name:

Win32.Trojan.Wacatac

Status:

Malicious

First seen:

2021-02-23 06:36:06 UTC

File Type:

PE (.Net Exe)

Extracted files:

73

AV detection:

11 of 46 (23.91%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=rjnvhjxb6wrzab6pex6iue4drm2fci2unsunanqilgtqc6p7gwha._file

Verdict:

unknown

Similar samples:

199f078e93520f83664c2d903bd419fcd1919988b86ef2d36d2f77523dae56dd

4158eda852ee2f9ccbeceed05ff97af35dac101ed395f622ba41d93ef2ddfedc

657a164783b53dc028ca6024f4df09f9e4a9b289e0a3216d2c686ec091a224c0

77922c4a501aecfc8e78b5fcaa7c2ac1e97c70abc5f955407e7c72d918ce43f2

8956cef2ded0f77c7f61c06c800e8d2a7cb26539da78dbfad307ec143e1eee3b

9dde30eea4bc51f6561d857ecb624f09e3257c3a015ff49a8f22f206fcab45c1

b5a2fbfeb80e2e92039a23615df8b8f63f42d1331528f514b312d4946dc22607

cfe1f69c2984de3f5d476db3ce45aa4d95a8137f0ff1ba07c1b0cecf15075c93

df9b8b0093bdcff2dc73e2da55ea3c94cc90febcf05c4bb4edde266b3f376a55

f12df428fa830292897aabb6f73c5ecf96e855e278c3320e21e45629c84bf9ef

+ 49 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/210223-9lvl59h272/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Unpacked files

SH256 hash:

8a5b53a6e1f5a39007cf25fc8a13838b345123546ca8d0360859a70179ff358e

MD5 hash:

75c26daec0c1ee7a0c85ac90373352c2

SHA1 hash:

95556a15083abe285651a8830cd1b81a6dbb395f

Link:

https://www.unpac.me/results/37da6078-851b-4823-a795-ccc829833fef/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Suspicious File

Score:

0.35

Link:

https://yomi.yoroi.company/submissions/8a5b53a6e1f5a39007cf25fc8a13838b345123546ca8d0360859a70179ff358e

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

exe 8a5b53a6e1f5a39007cf25fc8a13838b345123546ca8d0360859a70179ff358e

(this sample)

Delivery method

Distributed via e-mail attachment

Cape

Cape

https://www.capesandbox.com/analysis/118440/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample