MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bb8f40817deebcea350a0155b85ce03b18b2e40888283fb26cda2d6488ced26c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: bb8f40817deebcea350a0155b85ce03b18b2e40888283fb26cda2d6488ced26c
SHA3-384 hash: 4746af2045ad5a6ca8c986e2c72442196e1d4d10ac7df5f6de61a7966c3c4ec25c723bdbde8b2c12a207326938e54953
SHA1 hash: 203ab537b0d23cc6b9628d3a50019187306213b7
MD5 hash: a4107f68e986e24daf25380e4ce7eaf2
humanhash: december-glucose-johnny-april
File name:SAHMRI TT COPY.gz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:632'513 bytes
First seen:2020-09-28 08:43:10 UTC
Last seen:Never
File type: gz
MIME type:application/gzip
ssdeep 12288:Kj5fNsjchnBk1PaRO640ovCUVKJyS9eJU+VxZMz8nfwdlOFxZuxbPMV:Kd1tnBaPKOXPaVJyS9t+VxZbCPM
TLSH 47D4233CEDD98942BA9498F0ACC368B010A2F1773A27BE0A945D259E616534D71FFFC1
Reporter cocaman
Tags:AgentTesla gz


Avatar
cocaman
Malicious email (T1566.001)
From: "Jo Dono <jo.dono@sahmri.com>"
Received: "from s10.smartlytechs.com (s10.smartlytechs.com [62.67.51.8]) "
Date: "Mon, 28 Sep 2020 01:32:18 -0700"
Subject: "Sahmri Performa Invoice"
Attachment: "SAHMRI TT COPY.gz"

Intelligence

File Origin
# of uploads :
1
# of downloads :
93
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.BehavesLike.Win32.Generic.bc.5318.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/bb8f40817deebcea350a0155b85ce03b18b2e40888283fb26cda2d6488ced26c/
Threat name:
ByteCode-MSIL.Backdoor.Androm
Create hunting rule
Status:
Malicious
First seen:
2020-09-28 08:39:04 UTC
File Type:
Binary (Archive)
Extracted files:
2
AV detection:
21 of 29 (72.41%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=xohubal5526ounikafk3qxhahmmlfzairaud7mtm3iwwjcgo2jwa._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Trojan
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/bb8f40817deebcea350a0155b85ce03b18b2e40888283fb26cda2d6488ced26c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz bb8f40817deebcea350a0155b85ce03b18b2e40888283fb26cda2d6488ced26c

(this sample)

AgentTesla

Executable exe ff9b8ba13490fdd4310b5d623082f3715a8a6fea340bf1c91ba002f617d62f0e

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 ff9b8ba13490fdd4310b5d623082f3715a8a6fea340bf1c91ba002f617d62f0e

Comments