MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9a3f3a4de4c6512fa36ed33d2e70921e9df91bffd38bb490f2f74bb62456d967. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9a3f3a4de4c6512fa36ed33d2e70921e9df91bffd38bb490f2f74bb62456d967
SHA3-384 hash: 0d20ddfbae91729bba293b5a84083524a543a07022ede506aa2d7e1e5f16e9d104a9b8dddb8f7b3ecaae9678b675bb33
SHA1 hash: e3e889d2682a1c211aad3244eb80517a91d77d55
MD5 hash: b721efee3cb64798d8984e62491ffa77
humanhash: missouri-washington-yankee-don
File name:DHL-AWB130501923096PDF.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:381'323 bytes
First seen:2020-06-02 17:10:19 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:hHGRQlURZbddtcP6XFt7G3/YtQYV3iXNge851YzpS2SYeMVwxrHHf7y:hm+leZbdd2SFcc3iKe85Uc26ywxjHf7y
TLSH 5684232EC5B1048BCA04B40026D5B8B0DED577BA645CB8CFFC9C55F00B6992CDD3AEA2
Reporter abuse_ch
Tags:AgentTesla DHL zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: park-mx.above.com
Sending IP: 103.224.212.34
From: DHL <myclearance@dhl.com>
Subject: 需要采取的行动 - Invoice, PI, Bill of Landing
Attachment: DHL-AWB130501923096PDF.zip (contains "DHL-#AWB130501923096PDF.exe")

AgentTesla SMTP exfil server:
mail.labombilladeoro.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
65
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.23268.ZipHeur.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-06-02 17:36:46 UTC
File Type:
Binary (Archive)
Extracted files:
8
AV detection:
30 of 48 (62.50%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ti7tutpeyzis7i3o2m6s44esd2o7sg772of3jehs65f3mjcw3ftq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 9a3f3a4de4c6512fa36ed33d2e70921e9df91bffd38bb490f2f74bb62456d967

(this sample)

AgentTesla

Executable exe 154e3d61c42499996c63db646175ed1b3252c598d7e79e7e03763f99ebb23294

  
Dropping
MD5 9d9afcbbeaad375daf4672935fd75d21
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 154e3d61c42499996c63db646175ed1b3252c598d7e79e7e03763f99ebb23294

Comments