MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 efc24f0f19291f4f4df270bd960003216f744e86d526d468735e6d2f3a4077ad. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: efc24f0f19291f4f4df270bd960003216f744e86d526d468735e6d2f3a4077ad
SHA3-384 hash: 573364c2f4e5b0ac8df38d239948d55af5e5278695c6b0d99b2584c109e98b897643ea4388e1edba7937fbb092166c51
SHA1 hash: 6f5de5dad3bc96b46e47938bd99644140ccdfb6d
MD5 hash: efc98ff0107764ac94d7aad69fdd014a
humanhash: august-single-nineteen-south
File name:Shipmet_Documents_DHL_AWB 784402748,pdf.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:4'420'406 bytes
First seen:2020-07-20 07:18:15 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 98304:A/8x9poRFrfiN++Cqy7JBhM7XdllmsstyHO/hElY5HuPgbsWb0oF:A/aLobrqN++muX7lmdeCClq86bxF
TLSH A11633A6D692BA48E61E46205146F05CD4295F4F62604C73EEE963BE3086DC89733CFF
Reporter abuse_ch
Tags:AgentTesla DHL zip


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: hwsrv-751187.hostwindsdns.com
Sending IP: 104.168.202.68
From: DHL CUSTOMER SUPPORT<no_reply@dhl.com>
Subject: Shipment Notification AWB Number: 7348255141
Attachment: Shipmet_Documents_DHL_AWB 784402748,pdf.zip (contains "Shipmet_Documents_DHL_AWB #784402748,pdf.exe")

AgentTesla SMTP exfil server:
mail.privateemail.com:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
67
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.CAP_HookExKeylogger.15080.25190.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/efc24f0f19291f4f4df270bd960003216f744e86d526d468735e6d2f3a4077ad/
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-07-20 07:20:08 UTC
AV detection:
20 of 48 (41.67%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=57be6dyzfepu6tpsoc6zmaadefxxitug2utni2dtlzws6osao6wq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/efc24f0f19291f4f4df270bd960003216f744e86d526d468735e6d2f3a4077ad

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip efc24f0f19291f4f4df270bd960003216f744e86d526d468735e6d2f3a4077ad

(this sample)

AgentTesla

Executable exe 89f49fc426262096d0c4c40eace8339a1c09de5e3c6e1d7e0b570ba08713d9db

  
Dropping
MD5 c7ff4c37cdcf7ef94eab095c4caa58ec
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 89f49fc426262096d0c4c40eace8339a1c09de5e3c6e1d7e0b570ba08713d9db

Comments