MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b0a47c0434fe24f0dd45ff15a3fd4b1f451bf484522acd9700ca0d6121465a5b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b0a47c0434fe24f0dd45ff15a3fd4b1f451bf484522acd9700ca0d6121465a5b
SHA3-384 hash: f87686138179086d416eaa7233b19bd6577755751ba17d5f175f6a32c093f8dbcf9d6ad470c4ef7746fba419fc4a6083
SHA1 hash: ff23d572302eb4a2cd349084384bf52c0d51f7bd
MD5 hash: 9238343e35eb291794ee37d3d4ce0dcb
humanhash: king-leopard-aspen-saturn
File name:Essity Canary Island S.L OC 45044232942020.PDF.r00
Download: download sample
Signature AgentTesla
Create hunting rule
File size:412'843 bytes
First seen:2020-07-29 11:35:56 UTC
Last seen:Never
File type: r00
MIME type:application/x-rar
ssdeep 12288:Ut3rE7hNTqKsCKFerLC7gUKDR/WsvrnQw:U91KOIAVKhWsv8w
TLSH 2A9423424518173D2D01990474BC3E7C4A270BBF293768BAF55F941DB2AFB89B228DE7
Reporter abuse_ch
Tags:AgentTesla r00


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: lnx-ppa-dns-mysql-01.microblau.net
Sending IP: 62.97.115.40
From: QUINTANA ALEXANDER <alexandra.quintana@essity.com>
Subject: RV: PEDIDDO DE COMPRA NÂș4504423290 -ESSITY CANARY ISLANDS S.L
Attachment: Essity Canary Island S.L OC 45044232942020.PDF.r00 (contains "Orden de Compras No 4504423294 2007282020.exe")

AgentTesla SMTP exfil server:
mail.corroshield.co.id:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
62
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b0a47c0434fe24f0dd45ff15a3fd4b1f451bf484522acd9700ca0d6121465a5b/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-07-29 09:28:20 UTC
AV detection:
16 of 29 (55.17%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=wcshybbu7yspbxkf74k2h7kld5crx5eekivm3fyazigwcikgljnq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/b0a47c0434fe24f0dd45ff15a3fd4b1f451bf484522acd9700ca0d6121465a5b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

r00 b0a47c0434fe24f0dd45ff15a3fd4b1f451bf484522acd9700ca0d6121465a5b

(this sample)

AgentTesla

Executable exe c168e7d0b1e6cc80ca70052ba03a498e2f37cbc4155233c9681d63639a282004

  
Dropping
MD5 b81dce628f78af259f434f7fe2542fd9
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 c168e7d0b1e6cc80ca70052ba03a498e2f37cbc4155233c9681d63639a282004

Comments