MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8ee9c0e6f238370c5d406ada4f9462f2ee21278dd4acc658ece3c214d1a57213. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	8ee9c0e6f238370c5d406ada4f9462f2ee21278dd4acc658ece3c214d1a57213
SHA3-384 hash:	3429473f3db92c578145e4678b56787eff1751dbed2ba0804d67c134de79d4efc8bf0e14bc3f8b1c102f2f8adc292d7c
SHA1 hash:	0377887a98ab2a961f1bfeaa67163a84d7d584e2
MD5 hash:	d2f441c71fef7c8a23c94383a25514a8
humanhash:	pizza-undress-march-social
File name:	DOC..7z
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	505'332 bytes
First seen:	2020-12-16 15:14:11 UTC
Last seen:	Never
File type:	7z
MIME type:	application/x-7z-compressed
ssdeep	6144:R4uIgiZMfusVy5+prrps3JICJEKUoNdCRnZy5q04mwMb2RaUa2Yy7lMifI:R7IgiK9Rp3p+mFcduQ5qdttIyJMiw
TLSH	5FB423883770A3CAC29686FA64BB2915B5660A707AFDDF8F39815DC619EC1F2850D07C
Reporter	GovCERT_CH
Tags:	AgentTesla

Intelligence

File Origin

# of uploads :

1

# of downloads :

223

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Variant.Barys.11488.15589.5354.UNOFFICIAL

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/8ee9c0e6f238370c5d406ada4f9462f2ee21278dd4acc658ece3c214d1a57213/

Threat name:

Win32.Trojan.AgentTesla

Status:

Malicious

First seen:

2020-12-16 15:15:06 UTC

AV detection:

13 of 48 (27.08%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=r3u4bzxsha3qyxkanlne7fdc6lxccj4n2swmmwhm4pbbjunfoijq._file

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/8ee9c0e6f238370c5d406ada4f9462f2ee21278dd4acc658ece3c214d1a57213

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

7z 8ee9c0e6f238370c5d406ada4f9462f2ee21278dd4acc658ece3c214d1a57213

(this sample)

exe e6287280721108b9532830ae26f789f9469efc3fcc953686d52d16da66824858

Dropped by

AgentTesla

Delivery method

Distributed via e-mail attachment

Dropping

SHA256 e6287280721108b9532830ae26f789f9469efc3fcc953686d52d16da66824858

Dropping

MD5 82c0e6b56030b3ea3299fafa7a98affe

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample