MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9b05ad05c377364505855c461c7f98c4436d46e1449453697423f856149a1c0d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 5



SHA256 hash: 9b05ad05c377364505855c461c7f98c4436d46e1449453697423f856149a1c0d
SHA3-384 hash: 51aae09514d479508c769ca29854c86c20b66828d195d1a6ae2b0b5ec56547aba891f0f1d9be586d5e006179e908e093
SHA1 hash: 314050c3b51c21d660510f9c802875a964b77b08
MD5 hash: 05556927e90d4c8de7c53a7275982431
humanhash: washington-orange-india-iowa
File name: DHL.TRACKING.PDF.2021.tar
Signature: AgentTesla
File size: 581'932 bytes
First seen: 2021-02-09 06:37:03 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:F8oZ70/y7dXDSy0BO9bfbx9jITvS8F/gkiibIS7hPGSiM87QP:Ko6/SdXDSDOb99jES8/IghZeQP
TLSH: 8AC423BFE0DC4DF9A41F83D2F3AA91F62643F494716056F4A6539A7B02E0352C3C2699
Reporter: abuse_ch
Tags: AgentTesla DHL tar


abuse_ch
Malspam distributing AgentTesla:

HELO: carlinkmotors.com
Sending IP: 66.154.111.245
From: DHL International GmbH <sales@carlinkmotors.com>
Reply-To: DHL.AGENT<officeme47@yandex.com>
Subject: URGENT DHL DELIVERY NOTIFICATION
Attachment: DHL.TRACKING.PDF.2021.tar (contains "DHL.TRACKING.PDF.2021.exe")

AgentTesla SMTP exfil server:
web2.changeip.com:587

Intelligence


File Origin
# of uploads: 1
# of downloads: 107
Origin country: n/a
Vendor Threat Intelligence

Result
Verdict: MALICIOUS
Details
Windows PE Executable: Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2021-02-09 06:37:20 UTC
AV detection: 9 of 47 (19.15%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 9b05ad05c377364505855c461c7f98c4436d46e1449453697423f856149a1c0d (this sample)

Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
