MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8ee87fbc127ade8a837cc23e4cef573661a7b99e2a265e1b0a87037cc002b0f8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8ee87fbc127ade8a837cc23e4cef573661a7b99e2a265e1b0a87037cc002b0f8
SHA3-384 hash: 83b90a7376e9ac84f6b1c0558d1492acc31990b93ea4b08076da129c69c79695dec881b4255ae121c304993ba17aed20
SHA1 hash: f7a0a4617c3811b23edd79f8d1d51e8b1e4bd13e
MD5 hash: fbc39568e4f227bf86dca582f98834fc
humanhash: network-september-oscar-leopard
File name:PO #63879JHJDY7T NASSLI ELEKTRIK LTD.STI..7z
Download: download sample
Signature AgentTesla
Create hunting rule
File size:598'615 bytes
First seen:2021-08-04 05:50:15 UTC
Last seen:Never
File type: 7z
MIME type:application/x-7z-compressed
ssdeep 12288:lP/4OU8Y87zrmaslRO/5ofCUBOgG7r4H5GudwLbxmX0C+R8iUNwM:l3n80rmTimCzgGafwLbm8RGN3
TLSH T17FD423E24DC3BE7F37253834D65E7F599A65832B80B7A38F02028CE11F76147A19E616
Reporter cocaman
Tags:7z AgentTesla


Avatar
cocaman
Malicious email (T1566.001)
From: "NASSLI ELEKTRIK<Service1@imlbvi.com>" (likely spoofed)
Received: "from [77.247.110.16] (unknown [77.247.110.16]) "
Date: "4 Aug 2021 03:00:38 +0200"
Subject: "Purchase order-NASSLI ELEKTRIK LTD. STI."
Attachment: "PO #63879JHJDY7T NASSLI ELEKTRIK LTD.STI..7z"

Intelligence

File Origin
# of uploads :
1
# of downloads :
205
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.PackedNET.964.13697.11446.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8ee87fbc127ade8a837cc23e4cef573661a7b99e2a265e1b0a87037cc002b0f8/
Threat name:
ByteCode-MSIL.Trojan.Tnega
Create hunting rule
Status:
Malicious
First seen:
2021-08-03 07:45:25 UTC
File Type:
Binary (Archive)
Extracted files:
12
AV detection:
14 of 27 (51.85%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=r3uh7pasplpiva34yi7ez32xgzq2pom6fitf4gykq4bxzqacwd4a._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/210804-25fvzfyqs6/
Behaviour
Creates scheduled task(s)
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.35
Link:
https://yomi.yoroi.company/submissions/8ee87fbc127ade8a837cc23e4cef573661a7b99e2a265e1b0a87037cc002b0f8

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

7z 8ee87fbc127ade8a837cc23e4cef573661a7b99e2a265e1b0a87037cc002b0f8

(this sample)

AgentTesla

Executable exe d84c5fd437cb4fc6138ae946c1d9566a1fabb913d30d4f90c141c2e66941c57f

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 d84c5fd437cb4fc6138ae946c1d9566a1fabb913d30d4f90c141c2e66941c57f

Comments