MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bb7e9a3ce4d5553094a96e6c5674c2a062805d6e4ff6865377fef5cf392994c5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla
Vendor detections: 3



SHA256 hash: bb7e9a3ce4d5553094a96e6c5674c2a062805d6e4ff6865377fef5cf392994c5
SHA3-384 hash: 0f434f01c5474d941058ebfcd16dbc933c51681e74ba32b181c2513025b0ba2b41b8960b31b79022cce446ce52765567
SHA1 hash: 65f4f554eefb0400c8f646a89049339454ba2213
MD5 hash: ae012569c6a5442d7683d1464d7f3a93
humanhash: earth-magazine-rugby-west
File name: Delivery Note -AWD 2008738373-863637483.gz
Signature: AgentTesla
File size: 404'972 bytes
First seen: 2020-06-24 07:05:30 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 6144:ZckC8huU2j399GBOSpg6GqDYD5KrVBJjYzwFOUZVezti1djDqEivOnFhXJ9/x92p:ZckN8tMC6GqYmxpLwUjDqE+MXnr24a
TLSH: 678423A15776428C79FA6DD6AB799E03F198FD4A4E8FCCA053512C02B78E6703395037
Reporter: abuse_ch
Tags: AgentTesla DHL gz


abuse_ch
Malspam distributing AgentTesla:

HELO: linux947.grserver.gr
Sending IP: 178.63.13.15
From: DHL Express <katewright_dhl@gmail.com>
Subject: Failed DHL Delivery Notification
Attachment: Delivery Note -AWD 2008738373-863637483.gz (contains "Delivery Note -AWD 2008738373-863637483.exe")

AgentTesla FTP exfil server:
ftp.southeating.com:21

AgentTesla FTP exfil email address:
aridon@southeating.com

Intelligence

File Origin
# of uploads: 1
# of downloads: 71
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Infostealer.Fareit
Status: Malicious
First seen: 2020-06-24 07:07:03 UTC
AV detection: 29 of 48 (60.42%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
AgentTesla
gz bb7e9a3ce4d5553094a96e6c5674c2a062805d6e4ff6865377fef5cf392994c5 (this sample)
Dropping AgentTesla
Delivery method: Distributed via e-mail attachment

Comments