MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0868083e693208f19cd0f8b4896886fe6d7aa7ce3146139dd6665c5b08fbd520. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 4



SHA256 hash: 0868083e693208f19cd0f8b4896886fe6d7aa7ce3146139dd6665c5b08fbd520
SHA3-384 hash: 84d64c4bfb596d3d353063c220c9ef976de07090d2beb1e656c5934e72a412b13eb98181f8f7dca0c5ded26fa1a54657
SHA1 hash: ae9ae616313d58ff59532ee4b43bb129d1a68311
MD5 hash: d9c1217c34cb2e6827259a86632d2eff
humanhash: white-network-may-pluto
File name: SHPT-Comp Docs & Invoice Duty _ P.list Phyto Cert-End_Use.r00
Signature: AgentTesla
File size: 339'811 bytes
First seen: 2021-02-08 06:34:55 UTC
Last seen: Never
File type: r00
MIME type: application/x-rar
ssdeep: 6144:58KFO8hsd/2517jaF71/+iKtQxsm9GtqzGfqyBF9/CKFEM8G1aU3cEBQm6ZqS:58yO8C0q182xF9Wig9/CKFll33N6ZqS
TLSH: EF7423584CCE434CE3DE616998F6C199FDE5D2B0C1EACA051F0BF93C9691A99D0123BE
Reporter: cocaman
Tags: AgentTesla r00
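As an added example (not part of the MalwareBazaar page), a small Python triage helper that recomputes the four hashes listed above for a downloaded copy of the sample, compares the SHA256 and file size against this entry, and checks whether the bytes actually start with a RAR signature, since the file type here is r00 (the classic RAR multi-volume extension, which archivers open like .rar) with MIME type application/x-rar. The hash values and size are copied from this entry; the RAR magic bytes, the function names and the constructed inputs are the example's own assumptions.

```python
import hashlib
from typing import Dict

# Hashes and size listed in this MalwareBazaar entry (copied from the page).
IOC_HASHES = {
    "sha256": "0868083e693208f19cd0f8b4896886fe6d7aa7ce3146139dd6665c5b08fbd520",
    "sha3_384": "84d64c4bfb596d3d353063c220c9ef976de07090d2beb1e656c5934e72a412b13eb98181f8f7dca0c5ded26fa1a54657",
    "sha1": "ae9ae616313d58ff59532ee4b43bb129d1a68311",
    "md5": "d9c1217c34cb2e6827259a86632d2eff",
}
IOC_SIZE = 339811  # bytes, as listed on the page

# Archive signatures for RAR 4.x and RAR 5.x (assumption of this example,
# taken from the RAR format, not from the page).
RAR_MAGICS = (b"Rar!\x1a\x07\x00", b"Rar!\x1a\x07\x01\x00")

# .rar plus the multi-volume names .r00 .. .r99: all of these are RAR data
# and archivers open them the same way, which is why .r00 turns up in malspam.
RAR_VOLUME_EXTS = {"rar"} | {f"r{i:02d}" for i in range(100)}


def hash_all(data: bytes) -> Dict[str, str]:
    """Compute every hash the entry lists, feeding the data to all four at once."""
    hashers = {name: hashlib.new(name) for name in IOC_HASHES}
    for h in hashers.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in hashers.items()}


def is_rar(data: bytes) -> bool:
    """True if the bytes carry a RAR archive header, whatever the name says."""
    return any(data.startswith(magic) for magic in RAR_MAGICS)


def extension(filename: str) -> str:
    """Lower-cased final extension, or '' when the name has none."""
    return filename.rsplit(".", 1)[-1].lower() if "." in filename else ""


def triage(filename: str, data: bytes) -> Dict[str, object]:
    """Checks an analyst runs before opening a sample: identity, size, container."""
    digests = hash_all(data)
    rar_ext = extension(filename) in RAR_VOLUME_EXTS
    rar_body = is_rar(data)
    return {
        "hashes": digests,
        "matches_entry": digests["sha256"] == IOC_HASHES["sha256"],
        "size_matches_entry": len(data) == IOC_SIZE,
        "is_rar": rar_body,
        "rar_volume_extension": rar_ext,
        # RAR bytes behind a non-RAR name, or a RAR name on non-RAR bytes,
        # both deserve a second look before the file goes anywhere near WinRAR.
        "extension_mismatch": rar_body != rar_ext,
    }


if __name__ == "__main__":
    import sys

    # Usage: python triage.py <path-to-downloaded-sample>
    path = sys.argv[1]
    with open(path, "rb") as f:  # a 340 KB sample fits comfortably in memory
        report = triage(path.rsplit("/", 1)[-1], f.read())
    for key, value in report.items():
        print(f"{key}: {value}")
```

The script reads the whole file once and updates all four hash objects from the same buffer, so the comparison against the entry costs a single pass; a mismatch on SHA256 means you are not looking at the object this page describes, and a mismatch between signature and extension is the first thing to note in the case file.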


cocaman
Malicious email (T1566.001)
From: "SHAROON H.R.M" <acc.mum@lodestargroup.net> (likely spoofed)
Received: "from hosted-by.rootlayer.net (unknown [185.222.57.246]) "
Date: "7 Feb 2021 22:09:37 -0800"
Subject: "Re: RV: Shipment Documents // SUBSE0001272// IGM for LC No: 279393YMBHSAEIJKSYRDG"
Attachment: "SHPT-Comp Docs & Invoice Duty _ P.list Phyto Cert-End_Use.r00"

Intelligence


File Origin
# of uploads: 1
# of downloads: 84
Origin country: n/a
Vendor Threat Intelligence
Verdict: MALICIOUS
Details: Windows PE Executable. Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Infostealer.BestaFera
Status: Malicious
First seen: 2021-02-08 06:35:07 UTC
File Type: Binary (Archive)
Extracted files: 69
AV detection: 20 of 29 (68.97%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam (AgentTesla): r00 0868083e693208f19cd0f8b4896886fe6d7aa7ce3146139dd6665c5b08fbd520 (this sample)
Delivery method: Distributed via e-mail attachment

Comments