MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fc975f3e316e2083bbd6e7796dee98b1361779a329af082a49a304960d02b257. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fc975f3e316e2083bbd6e7796dee98b1361779a329af082a49a304960d02b257
SHA3-384 hash: 4df907b87254f9ea4d66f3137a44db492cc40e315ee52f6d2804cc7d9597a23f9b0486cc9136363ab27b165e368c2196
SHA1 hash: 3306652f9b3e927e8df814691178feee12fbcebc
MD5 hash: d3f5aeb7cea53a0de73f1efae9832475
humanhash: winner-happy-hotel-montana
File name:DHL_AWB 1008936572891_pdf.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:359'297 bytes
First seen:2020-08-18 10:07:03 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:4fH4hcrqJWOtprLY8EhBPAlGqNbGz/pjrLB4Golt8ufuLlOO7nR852B8lVtwJgLd:4whwqJjtN5GKfbYxjfeltRuzd80alVtV
TLSH 5874233A42B647AA3CF889CC892C8B9E25CC278C452204E172D9E2F3537D5D647DE17B
Reporter abuse_ch
Tags:AgentTesla DHL rar


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: de.uitn.com
Sending IP: 144.76.245.34
From: DHL EXPRESS <CUSTOMERSERVICE@DHL.COM>
Reply-To: DHL EXPRESS <soomla6384@yahoo.com>
Subject: Ref: DHL_AWB #1008936572891
Attachment: DHL_AWB 1008936572891_pdf.rar (contains "DHL_AWB #1008936572891_pdf.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
62
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27382.Rar5Heur.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/fc975f3e316e2083bbd6e7796dee98b1361779a329af082a49a304960d02b257/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-08-18 10:08:06 UTC
AV detection:
21 of 48 (43.75%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=7slv6prrnyqiho6w454w33uywe3bo6ndfgxqqksjumcjmdicwjlq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar fc975f3e316e2083bbd6e7796dee98b1361779a329af082a49a304960d02b257

(this sample)

AgentTesla

Executable exe a7d27c9cca035fac67dadf420c7adcfb2b196b4f2db64d94e13ddb6a9ea1c46a

  
Dropping
MD5 ac05cbdc0c8edecf8fcb211d9772f249
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 a7d27c9cca035fac67dadf420c7adcfb2b196b4f2db64d94e13ddb6a9ea1c46a

Comments