MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b6d209ef99c4b5d4463ca91fbd615d479f4286c4a2240546bd2554af25d64c16. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b6d209ef99c4b5d4463ca91fbd615d479f4286c4a2240546bd2554af25d64c16
SHA3-384 hash: 4c3aac5a9a922111234f2f5168b5d04d70a687918b9c86599c6cf11e608a6c053800833845530e86053100a89170f1ec
SHA1 hash: b8d4eb1cb5a95af468fd2e4d9ac538d61112b527
MD5 hash: aea8c643961096dabf11eab26849ecbb
humanhash: sad-artist-harry-skylark
File name:AWB_3472862913_Package .PDF 221 KB.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:474'938 bytes
First seen:2020-06-02 17:18:29 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:Rwr+bSYt3ag0P8FQtiDSPRuzCfbJAdVV9rXNNFeL1fa:yEptx48atiMFwVV9rXwC
TLSH 6DA42345D99ECD7DA65B2E673E8A4CFF26041C6C9B90D65243225F2CC9F3023923E98D
Reporter abuse_ch
Tags:AgentTesla DHL zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: park-mx.above.com
Sending IP: 103.224.212.34
From: Luisa Perez <DHLEXPRESS.BILLINGID@dhl.com>
Reply-To: DHL <customerupdat013489@gmail.com>
Subject: DHL Express® Shipment Notification tracking# 3472862913
Attachment: AWB_3472862913_Package .PDF 221 KB.zip (contains "AWB_3472862913_Package .PDF (221 KB).exe")

AgentTesla SMTP exfil server:
mail.hanovredisplays.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
62
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-06-02 17:36:48 UTC
File Type:
Binary (Archive)
Extracted files:
294
AV detection:
34 of 48 (70.83%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=w3jat34zys25irr4vep32yk5i6pufbweuisakrv5evkk6jowjqla._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip b6d209ef99c4b5d4463ca91fbd615d479f4286c4a2240546bd2554af25d64c16

(this sample)

AgentTesla

Executable exe 725cd49294a79dc41269efe8765a70ca9e745460d1af90c5e1b019c1f2e1a0b4

  
Dropping
MD5 d371d2b94a66acf3fb54a7fd70643cac
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 725cd49294a79dc41269efe8765a70ca9e745460d1af90c5e1b019c1f2e1a0b4

Comments