MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b8e8a4193c949dd89b02edca84207c21ebfc23cb0d531efec38fa28e022938dc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: b8e8a4193c949dd89b02edca84207c21ebfc23cb0d531efec38fa28e022938dc
SHA3-384 hash: b0d3e8400b106660eb33967e80ff55a87bd0e7c15b2f4226fec34529dbcf721cc74ed2b2d711fcf1f124b557d2279f8a
SHA1 hash: 769ff32cbfc961da9e959dddfc6dfe6412ba5e7a
MD5 hash: 07275cc7a9c2b70e1a9910e907f54302
humanhash: ack-five-failed-pip
File name: SecuriteInfo.com.Exploit.Rtf.CVE2012-0158.25881.27659
Signature: AgentTesla
File size: 10'536 bytes
First seen: 2020-06-30 10:47:14 UTC
Last seen: Never
File type: Rich Text Format (RTF) rtf
MIME type: text/rtf
ssdeep: 192:pCBrCvHrQAuWLo0M0841sZFqhJqCAiLJHvzzdXY9LNyKPqFKkxf8ygQ0NMz5q6:EBrido0MNE7FL1z+9voC54
TLSH: DE229E34D96CAD15E4AF878AEE64B52C0F113160D0E7F2EADF1ED18392B43C2869DC10
Reporter: @SecuriteInfoCom
Tags: AgentTesla

Intelligence


Mail intelligence: No data
# of uploads: 1
# of downloads: 23
Origin country: US
ClamAV:
  SecuriteInfo.com.Exploit.Rtf.CVE2012-0158.25881.27659.UNOFFICIAL
  MiscreantPunch.RTF.2017-0199.Obfus.171711.UNOFFICIAL
  TwinWave.EvilDoc.DOCXSTRGOOD.RTFSTR._EQUATION.200422.UNOFFICIAL
  TwinWave.EvilDoc.RTFFakeVersionWithObjUpdateUKSurfMix.20200514.UNOFFICIAL
CERT.PL MWDB:
  Detection: n/a
  Link: https://mwdb.cert.pl/sample/b8e8a4193c949dd89b02edca84207c21ebfc23cb0d531efec38fa28e022938dc/
ReversingLabs:
  Status: Malicious
  Threat name: Document-Word.Exploit.CVE-2017-11882
  First seen: 2020-06-30 08:14:55 UTC
  AV detection: 13 of 31 (41.94%)
  Threat level: 5/5
Spamhaus Hash Blocklist: Malicious file
Hatching Triage:
  Score: 10/10
  Malware Family: agenttesla
  Link: https://tria.ge/reports/200630-qgcft8mwcx/
  Tags: spyware keylogger trojan stealer family:agenttesla
VirusTotal: Virustotal results 43.33%

Yara Signatures


Rule name: SharedStrings
Author: Katie Kleemola
Description: Internal names found in LURK0/CCTV0 samples

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download

Comments