MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0fface91e0888e5b57448dd002ba9c5c78111b22c423da495a16fd7b4c879186. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0fface91e0888e5b57448dd002ba9c5c78111b22c423da495a16fd7b4c879186
SHA3-384 hash: fe8fb5ca8a1834611513928267a7a737c1e5955531b72ffc050f160b0b011002e5d5ec6c6e800b357a2523891b2dd222
SHA1 hash: 99be46065965ac6e68ffc79cd4c7d773b4e54b02
MD5 hash: 93229b59f724757b7dc5b2bf2bb0cd9c
humanhash: blossom-early-ceiling-black
File name:Commercial Invoice and Packing List For Shippment.r00
Download: download sample
Signature AgentTesla
Create hunting rule
File size:762'001 bytes
First seen:2021-02-05 06:52:14 UTC
Last seen:2021-02-06 15:52:58 UTC
File type: r00
MIME type:application/x-rar
ssdeep 12288:E4fh0A3a3scj6uWgWq6GJhv8IwBbtCNt8lKFEhpzFCb2qf4hGlWBGY4Pq:hF3a3sPRqxJvwBRCNttF6myqfeGMBNGq
TLSH 0FF433B7711F02BAC7692EBDE2F0163EAE9F0C13D34E1E69E4EA26D3C5AD45241D0181
Reporter lowmal3
Tags:AgentTesla

Intelligence

File Origin
# of uploads :
3
# of downloads :
135
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/0fface91e0888e5b57448dd002ba9c5c78111b22c423da495a16fd7b4c879186/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2021-02-05 06:53:05 UTC
File Type:
Binary (Archive)
Extracted files:
16
AV detection:
20 of 28 (71.43%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=b75m5eparchfwv2erxiafou4lr4bcgzcyqr5usk2c36xwtehsgda._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/0fface91e0888e5b57448dd002ba9c5c78111b22c423da495a16fd7b4c879186

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

r00 0fface91e0888e5b57448dd002ba9c5c78111b22c423da495a16fd7b4c879186

(this sample)

  
Delivery method
Distributed via e-mail attachment

Comments