MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8b0b16714efce9bf5433abf0aa20790d662b5c456f56e518075d78084763d94e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8b0b16714efce9bf5433abf0aa20790d662b5c456f56e518075d78084763d94e
SHA3-384 hash: 1b9ae540a891377015fd18b48280fe76aa68ddfe97122a400795e46e07e182cbdccd43e879323fe5f569d8eb8cd7e89a
SHA1 hash: d30d8a2466783227237bd64e63611f90c023e414
MD5 hash: a8719cafb919bb69ea5928611d748c8f
humanhash: alaska-seven-mockingbird-network
File name:SG1_000000123205044_1.pdf.gz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:750'464 bytes
First seen:2021-04-07 05:19:42 UTC
Last seen:2021-04-08 05:40:35 UTC
File type: gz
MIME type:application/gzip
ssdeep 12288:KQR/emJoIgcZlacTlAe28IQztTP6AeR6a3Vcl82qIhxWDgx/RS5Y5ADsv:3cmJb3favX8IQz961r3e82qI6DgZReYF
TLSH 08F433132BD794A4662FDFA3C524146521BC5FB2C0EE1556D9C3CEAB336A41FF62808B
Reporter cocaman
Tags:AgentTesla gz


Avatar
cocaman
Malicious email (T1566.001)
From: "Joseph Wealth <selectpharmalab@334.orxo.cf>" (likely spoofed)
Received: "from hp0.334.orxo.cf (hp0.334.orxo.cf [159.89.36.252]) "
Date: "07 Apr 2021 21:09:35 -0700"
Subject: "Can you supply ?"
Attachment: "SG1_000000123205044_1.pdf.gz"

Intelligence

File Origin
# of uploads :
8
# of downloads :
83
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27281.GZipHeur.UNOFFICIAL
Create hunting rule

Result
Verdict:
SUSPICIOUS
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8b0b16714efce9bf5433abf0aa20790d662b5c456f56e518075d78084763d94e/
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2021-04-07 05:20:07 UTC
File Type:
Binary (Archive)
Extracted files:
48
AV detection:
6 of 48 (12.50%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=rmfrm4ko7tu36vbtvpykuidzbvtcwxcfn5lokgahlv4aqr3d3fha._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
AgentTesla
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/8b0b16714efce9bf5433abf0aa20790d662b5c456f56e518075d78084763d94e

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz 8b0b16714efce9bf5433abf0aa20790d662b5c456f56e518075d78084763d94e

(this sample)

AgentTesla

Executable exe b90fb49ced2711300981110e8d872b5b2848ea3449ef2db157df053dc6fe49c1

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 b90fb49ced2711300981110e8d872b5b2848ea3449ef2db157df053dc6fe49c1
  
Dropping
AgentTesla

Comments