MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cb3a5bd41a281295703651e4fcc555221947534498478697f9d9a95286525b55. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 6

Intelligence 6 IOCs YARA 2 File information Comments

SHA256 hash:	cb3a5bd41a281295703651e4fcc555221947534498478697f9d9a95286525b55
SHA3-384 hash:	2df5bbc3af543a07da9e045845ec44708546c09f9bbfb1ce6232010ba4151989882960523b262dc36f210f27011ec770
SHA1 hash:	070a8a4c80b149f8d1dbcd9a648e3f1b056bff28
MD5 hash:	6fdf458c34c58992eba3b5f6a8e273ae
humanhash:	snake-rugby-may-alabama
File name:	DHL_AWB_975539839616.zip
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	510'649 bytes
First seen:	2023-04-17 19:10:43 UTC
Last seen:	Never
File type:	zip
MIME type:	application/zip
ssdeep	12288:ad+cvazAJbIs4fN1IvNe2OkPYM6pgNeShtXq2tjsS4wEV2kCII:ad+Y354VqgzM1JhtptjsSkVhPI
TLSH	T1CBB423C0F54C7F4ACD1027A9F3E80BA14F94488EABC2B5C5979EEDC490721B9355A8A7
TrID	80.0% (.ZIP) ZIP compressed archive (4000/1) 20.0% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter	cocaman
Tags:	DHL zip

cocaman

Malicious email (T1566.001)
From: "DHL Express <support@dhl.com>" (likely spoofed)
Received: "from hosting8.veiss.com (hosting8.veiss.com [192.162.12.29]) "
Date: "Mon, 17 Apr 2023 15:15:17 +0100"
Subject: "=?UTF-8?Q?Su_n=C3=BAmero_de_seguimiento_de_DHL=3A_975539839616?="
Attachment: "DHL_AWB_975539839616.zip"

Intelligence

File Origin

# of uploads :

# of downloads :

1'238

Origin country :

File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name:	DHL_AWB_975539839616.exe
File size:	575'488 bytes
SHA256 hash:	d5d18f9417c9f5268a707e6c276d8318f0bc399302ff07d8d8319257c9dac063
MD5 hash:	ebba07aa50ddef78d9686de42b4db3dc
MIME type:	application/x-dosexec
Signature	AgentTesla

Vendor Threat Intelligence

Detection(s):

Sanesecurity.Malware.28872.BadIN4.UNOFFICIAL

Result

Verdict:

Unknown

File Type:

PE File

Link:

https://app.docguard.net/cb3a5bd41a281295703651e4fcc555221947534498478697f9d9a95286525b55/results/dashboard

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

packed

Link:

https://www.filescan.io/uploads/643d99c77a31c790ffdbbb0e/reports/c6419557-ab01-4b3a-b10f-e0bd7cf1a7e0/overview

Verdict:

Malicious

Link:

https://www.hybrid-analysis.com/sample/cb3a5bd41a281295703651e4fcc555221947534498478697f9d9a95286525b55

Result

Verdict:

MALICIOUS

Link:

https://labs.inquest.net/dfi/sha256/cb3a5bd41a281295703651e4fcc555221947534498478697f9d9a95286525b55

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/cb3a5bd41a281295703651e4fcc555221947534498478697f9d9a95286525b55/

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=zm5fxva2fajjk4bwkhspzrkveimuou2etbdynf7z3guvfbsslnkq._file

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/cb3a5bd41a281295703651e4fcc555221947534498478697f9d9a95286525b55

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.