MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bd7d60bb94bdabf2e35f7b982acdd89f7c9138ed6e7b16538b5e31aec704ede6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: bd7d60bb94bdabf2e35f7b982acdd89f7c9138ed6e7b16538b5e31aec704ede6
SHA3-384 hash: 16dc2d06158e9938784b46088611b0a8326212747a19f53272b8457671cedaf30558b4d332267ac99c79451f7d3346bd
SHA1 hash: b795ca8be9101b3b3b2bd24d2a83ef97b30aef3c
MD5 hash: f06437960f06182704dea74b043df70b
humanhash: johnny-zulu-item-mango
File name:EMAILMING BANK PAPER 55162021.gz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:511'067 bytes
First seen:2021-01-29 06:19:47 UTC
Last seen:Never
File type: gz
MIME type:application/x-rar
ssdeep 12288:LkV12qDz4Xsbe55Jl1PvbQ1oAXiCGyNhDlc:QVDz4R55ZvHdyHD6
TLSH 94B4230FDBAA50BD5ADA934C4138D46B7AD82842CC5C9B3C774199F3BA8778DC5B28C4
Reporter cocaman
Tags:AgentTesla gz


Avatar
cocaman
Malicious email (T1566.001)
From: "Kenneth Olsbro <kom@dsgnlink.com>" (likely spoofed)
Received: "from ded1603.inmotionhosting.com (ded1603.inmotionhosting.com [173.247.244.178]) "
Date: "Thu, 28 Jan 2021 09:31:29 -0800"
Subject: "EMAILMING BANK PAPER PAYMENT"
Attachment: "EMAILMING BANK PAPER 55162021.gz"

Intelligence

File Origin
# of uploads :
1
# of downloads :
95
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/bd7d60bb94bdabf2e35f7b982acdd89f7c9138ed6e7b16538b5e31aec704ede6/
Threat name:
Win32.Trojan.Strictor
Create hunting rule
Status:
Malicious
First seen:
2021-01-28 21:29:56 UTC
File Type:
Binary (Archive)
Extracted files:
17
AV detection:
12 of 46 (26.09%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=xv6wbo4uxwv7fy27pomcvtoyt56jcohnnz5rmu4llyy25rye5xta._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/bd7d60bb94bdabf2e35f7b982acdd89f7c9138ed6e7b16538b5e31aec704ede6

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz bd7d60bb94bdabf2e35f7b982acdd89f7c9138ed6e7b16538b5e31aec704ede6

(this sample)

AgentTesla

Executable exe 95be71d73799012c2d1d672f4624f0d4b02a0ab64b428b7cd8d7f0eb6a2d29ba

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 95be71d73799012c2d1d672f4624f0d4b02a0ab64b428b7cd8d7f0eb6a2d29ba
  
Dropping
AgentTesla

Comments