MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a84ac0ba84ad0560b3e7bab9c996348701670509597e4eb370f4366a6d2400e1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 5



SHA256 hash: a84ac0ba84ad0560b3e7bab9c996348701670509597e4eb370f4366a6d2400e1
SHA3-384 hash: 58918e66c09ca9f93c7d165df6693b5076016bf24a25e518435bd1be43b3d89906e8e79914b0a58af8b84e656368785f
SHA1 hash: 603abc3f6b6ebe6008b84371532fc9612f3305c9
MD5 hash: 5bb7de5cccd3b084104ebbfa1868f273
humanhash: steak-robin-pizza-kentucky
File name: PJT002102002.gz
Signature: AgentTesla
File size: 706'845 bytes
First seen: 2021-03-29 06:12:40 UTC
Last seen: Never
File type: gz
MIME type: application/x-rar
ssdeep: 12288:UTa1CteGpwyGX72yeGIB3HKS/1228u3QgxVje998WcrcccBGSKV9lKKs:IHteFE5t78uzVkSzrcc4lKV9Al
TLSH: 48E42311B0312325996C4E7745F29C071E5B2FFA8FDC03649EB8C2A1FA1BA0D2D66E65
Reporter: abuse_ch
Tags: AgentTesla gz


abuse_ch
Malspam distributing AgentTesla:

HELO: server0.jameszontrad.xyz
Sending IP: 86.106.131.194
From: Abdul Azeez <azeez.neeraje@albiisiherunited.com>
Subject: New order PJT002102002
Attachment: PJT002102002.gz (contains "PJT002102002.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 115
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Details:
Windows PE Executable: Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Threat name: ByteCode-MSIL.Trojan.Taskun
Status: Malicious
First seen: 2021-03-29 06:13:13 UTC
AV detection: 8 of 48 (16.67%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz a84ac0ba84ad0560b3e7bab9c996348701670509597e4eb370f4366a6d2400e1 (this sample)

Dropping: AgentTesla
Delivery method: Distributed via e-mail attachment
