MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cd8bfa5e5d816adf10ca7c124469877850608fc66d4ef72c7f07fb550922c1ee. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 5

Intelligence 5 File information Yara Comments

SHA256 hash:	cd8bfa5e5d816adf10ca7c124469877850608fc66d4ef72c7f07fb550922c1ee
SHA3-384 hash:	eb58be42336eaa11b86394d6fa6ed758d78e2361324e6c09510a2284ee6fd5789bac87169d0bd61e279f51da423fdcc2
SHA1 hash:	a75878d6abf97273a5468504bbe8a6c18a5af68e
MD5 hash:	4585f6fe715f1cdf14e80961b213b707
humanhash:	minnesota-iowa-maine-spring
File name:	Purchase Order___pdf ____________.iso
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	337'920 bytes
First seen:	2021-02-23 06:19:00 UTC
Last seen:	Never
File type:	iso
MIME type:	application/x-iso9660-image
ssdeep	6144:n11QihwT06EKBVEZkt6rujk0RwWA+3hsCz/louD:phi9hBOs6ijk0VhsCzyU
TLSH	9774121232E1CD63D5A151752870EA2CAFB7C72660FC0B47B74CA60AF7B3D509A4D7A2
Reporter	@fabjer
Tags:	AgentTesla iso

Intelligence

File Origin

# of uploads :

1

# of downloads :

55

Origin country :

FR

Mail intelligence

Geo location:

Global

Volume:

Low

Vendor Threat Intelligence

Detection(s):

Sanesecurity.Foxhole.Iso_pdf.UNOFFICIAL

PUA.Win.Downloader.Soft32downloader-6691270-0

Result

Verdict:

MALICIOUS

Link:

https://labs.inquest.net/dfi/sha256/cd8bfa5e5d816adf10ca7c124469877850608fc66d4ef72c7f07fb550922c1ee

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/cd8bfa5e5d816adf10ca7c124469877850608fc66d4ef72c7f07fb550922c1ee/

Threat name:

Win32.Trojan.Zmutzy

Status:

Malicious

First seen:

2021-02-22 23:47:37 UTC

AV detection:

8 of 47 (17.02%)

Threat level

5/5

Detection(s):

Malicious file

Link:

https://www.spamhaus.org/query/hash/zwf7uxs5qfvn6egkpqjei2mhpbigbd6gnvhpold7a75vkcjcyhxa._file

AV coverage:

23.73%

AV detections:

14 / 59

Link:

https://www.virustotal.com/gui/file/cd8bfa5e5d816adf10ca7c124469877850608fc66d4ef72c7f07fb550922c1ee/detection/f-cd8bfa5e5d816adf10ca7c124469877850608fc66d4ef72c7f07fb550922c1ee-1614033874

Threat name:

Legit

Score:

0.00

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

iso cd8bfa5e5d816adf10ca7c124469877850608fc66d4ef72c7f07fb550922c1ee

(this sample)

exe 4a75f7167cebce580af085e2cf97b7a5642f6d33900e40d9d97f0aebb9ee87d6

Dropping

SHA256 4a75f7167cebce580af085e2cf97b7a5642f6d33900e40d9d97f0aebb9ee87d6

Delivery method

Distributed via e-mail attachment

Comments

Login required

You need to login to in order to write a comment. Login with your Twitter account.

No comments found for this malware sample