MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b5e4fd1f73efecef68f3a001f0b5a0c8b9704768356c1190197062193e66a6c1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b5e4fd1f73efecef68f3a001f0b5a0c8b9704768356c1190197062193e66a6c1
SHA3-384 hash: 474c0f9406c5acb6abd1b55cf2774455d3ea0989918bc63cb296a0f0a266ef765ed6cfcf8c19fb4bdd45b7ce20750657
SHA1 hash: fecb7c59a72c32b8f0352fd1eb360716bdfc63fd
MD5 hash: 0ea428ab9707caaba11e89468c757c96
humanhash: connecticut-blossom-emma-crazy
File name:DHL Documents.PDF.cab
Download: download sample
Signature AgentTesla
Create hunting rule
File size:476'980 bytes
First seen:2021-02-22 07:20:41 UTC
Last seen:Never
File type: cab
MIME type:application/vnd.ms-cab-compressed
ssdeep 12288:aLugO58PBNWrDDjzKhkAvWIy0Z/QjHVlu3fpLFuRNII+s:WugO5M06k2r5Z/CVk3NFuHT
TLSH 41A423793C587FEBD9F4E4071402D5ADB3320BEB67153D6A9BA8BF7808CE5A181161E0
Reporter abuse_ch
Tags:cab DHL


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: etr0.307.gvuwx.ml
Sending IP: 143.110.148.99
From: DHL Express <info@307.gvuwx.ml>
Subject: CONSIGMENT DOCUMENTS
Attachment: DHL Documents.PDF.cab (contains "DHL Documents.PDF.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
99
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Variant.Bulz.366920.5969.32008.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b5e4fd1f73efecef68f3a001f0b5a0c8b9704768356c1190197062193e66a6c1/
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2021-02-22 07:21:13 UTC
AV detection:
14 of 47 (29.79%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=wxsp2h3t57wo62htuaa7bnnazc4xar3igvwbdeazobrbsptgu3aq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

cab b5e4fd1f73efecef68f3a001f0b5a0c8b9704768356c1190197062193e66a6c1

(this sample)

AgentTesla

Executable exe a1297ad5970529014466745cbb2d1615ba88de8e062e77101fab26937ac518ac

  
Dropping
MD5 3368f38b7c5510473d88450dd2d5cdec
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 a1297ad5970529014466745cbb2d1615ba88de8e062e77101fab26937ac518ac

Comments