MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 935b9a5e16fbda3f39f92b5156985be8c0a54cda9514060ca30a075bcfc043b0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 4



SHA256 hash: 935b9a5e16fbda3f39f92b5156985be8c0a54cda9514060ca30a075bcfc043b0
SHA3-384 hash: 422fd36e8411862af56cc5eec6f1833e0dbc89f40e72b659ebab4bef49f5fa4817f5c9c3ed6046ec3762adaf01f8b903
SHA1 hash: 74d2db8f386c4cc49caff555aed88fda5ada26dd
MD5 hash: c962058f66bcec507c0c081915e47e9e
humanhash: alpha-sink-leopard-arkansas
File name: Shipping Documents.PDF.cab
Signature: AgentTesla
File size: 280'799 bytes
First seen: 2021-03-03 07:33:02 UTC
Last seen: Never
File type: cab
MIME type: application/vnd.ms-cab-compressed
ssdeep: 6144:B2J+tSNitl+UCzps1OdVQbbw5ufEbws5MhMiRCbst:zeii3zps1OPQbc8fbsLc
TLSH: B1542397909EE2E8D124207E2B631EE70679F0FD78045A6CE580806F1C929D952BEF5F
Reporter: abuse_ch
Tags: cab DHL


abuse_ch
Malspam distributing unidentified malware:

HELO: mf0.318.grvo.gq
Sending IP: 143.110.234.153
From: DHL Express<admin@318.grvo.gq>
Subject: CONSIGNMENT DOCUMENTS, ETC DOC.
Attachment: Shipping Documents.PDF.cab (contains "Shipping Documents.PDF.exe")

Intelligence


File Origin
Number of uploads: 1
Number of downloads: 102
Origin country: n/a

Vendor Threat Intelligence
Verdict: MALICIOUS
Threat name: Win32.Trojan.AgentTesla
Status: Malicious
First seen: 2021-03-03 07:33:40 UTC
AV detection: 17 of 47 (36.17%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam > AgentTesla > cab 935b9a5e16fbda3f39f92b5156985be8c0a54cda9514060ca30a075bcfc043b0 (this sample)

Delivery method: Distributed via e-mail attachment

Comments