MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e16b7cec308d88991094f7b668e21f0782f7547456f9ccf2d48239ea5eb8a16f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: AgentTesla
Vendor detections: 3

SHA256 hash: e16b7cec308d88991094f7b668e21f0782f7547456f9ccf2d48239ea5eb8a16f
SHA3-384 hash: ca5f9e31ed65a8d675baf01065a2d9763bb5ec07bb48032b496c391bfc8c2a95afae302fb624443fcea670b3f4661800
SHA1 hash: bf34aefeab86fc09a8a4f97e0027529d4a8c39ce
MD5 hash: 57aef0e3e8c371c5cb8d9d75b5a335a6
humanhash: queen-grey-shade-pasta
File name: DOC-4529464927595.pdf.gz
Signature: AgentTesla
File size: 585'763 bytes
First seen: 2020-07-07 18:25:00 UTC
Last seen: Never
File type: gz
MIME type: application/x-rar
ssdeep: 12288:1SVcy04IEsGTzXQt3c1mSUj8gK4iA41/pvCjL1YuWo3XhxK:1SVcyXtsGTzXqc1mSUhiTpqj5JWo3xo
TLSH: 11C423736BC36DFBB88179B2A5399784554442D2B188C3D74FBB1A89B8DA6CD310F190
Reporter: abuse_ch
Tags: AgentTesla gz


abuse_ch
Malspam distributing AgentTesla:

HELO: webmail.cyber.net.pk
Sending IP: 203.101.175.37
From: hameedentr@cyber.net.pk
Subject: Order Request DOC-4529464927595
Attachment: DOC-4529464927595.pdf.gz (contains "DOC-4529464927595.exe")

AgentTesla SMTP exfil server:
smtp.yandex.com:587

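The reporter's comment above describes the delivery chain: a ".pdf.gz" attachment that wraps "DOC-4529464927595.exe". The entry also records the file type as gz while the MIME type is application/x-rar, so the extension and the content-derived type disagree. The script below is an added example, not code from MalwareBazaar or abuse.ch, of how a mail gateway or triage job can vet such an attachment without inflating or executing it: compare the extension chain against the leading magic bytes, and read the inner file name straight from the gzip header (the RFC 1952 FNAME field). The magic-byte table, the extension lists, the verdict logic and the sample inputs are constructed for this example; only the attachment name is taken from the page.

```python
"""Static triage of an e-mail attachment: extension chain vs. magic bytes,
plus the member name stored in a gzip header, all without decompressing."""
import gzip
import hashlib
import io
import struct

# Constructed magic-byte table for the types relevant to this entry. RAR is
# included because the page reports application/x-rar for a ".gz" name.
MAGIC = {
    b"\x1f\x8b": "gzip",
    b"Rar!\x1a\x07": "rar",
    b"MZ": "pe",
    b"%PDF": "pdf",
}

# Assumed policy lists (not from the page).
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs", ".ps1"}
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx"}


def sniff(data: bytes) -> str:
    """Classify content by its leading bytes, ignoring the file name."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    return "unknown"


def gzip_member_name(data: bytes):
    """Return the FNAME field of a gzip header, or None if absent.

    RFC 1952 layout: ID1 ID2 CM FLG MTIME(4) XFL OS = 10 bytes, then the
    optional FEXTRA (if FLG bit 2) and FNAME (if FLG bit 3) fields.
    """
    if len(data) < 10 or data[:2] != b"\x1f\x8b":
        return None
    flg = data[3]
    pos = 10
    if flg & 0x04:  # FEXTRA: 2-byte little-endian length, then that many bytes
        if len(data) < pos + 2:
            return None
        (xlen,) = struct.unpack_from("<H", data, pos)
        pos += 2 + xlen
    if not flg & 0x08:  # no FNAME stored
        return None
    end = data.find(b"\x00", pos)  # FNAME is a zero-terminated latin-1 string
    if end == -1:
        return None
    return data[pos:end].decode("latin-1")


def extension_chain(name: str):
    """'DOC.pdf.gz' -> ['.pdf', '.gz'] so double extensions are visible."""
    parts = name.lower().split(".")
    return ["." + p for p in parts[1:]]


def triage(filename: str, data: bytes) -> dict:
    """Score one attachment; findings are strings a gateway could log."""
    exts = extension_chain(filename)
    kind = sniff(data)
    findings = []
    # A document extension hidden behind an archive extension, e.g. ".pdf.gz".
    if len(exts) >= 2 and exts[-2] in DOCUMENT_EXTS:
        findings.append("document-lookalike double extension")
    # Name claims gzip but the bytes say otherwise (cf. gz vs application/x-rar).
    if exts and exts[-1] == ".gz" and kind != "gzip":
        findings.append(f"extension says gzip but content is {kind}")
    inner = gzip_member_name(data) if kind == "gzip" else None
    inner_exts = extension_chain(inner) if inner else []
    if inner_exts and inner_exts[-1] in EXECUTABLE_EXTS:
        findings.append(f"archive contains executable {inner}")
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "content_type": kind,
        "inner_name": inner,
        "findings": findings,
        "verdict": "block" if findings else "pass",
    }


def make_sample_gzip(inner_name: str, payload: bytes) -> bytes:
    """Constructed stand-in: a gzip member whose header carries inner_name.
    This is NOT the MalwareBazaar sample, only a file of the same shape."""
    buf = io.BytesIO()
    with gzip.GzipFile(filename=inner_name, mode="wb", fileobj=buf, mtime=0) as gz:
        gz.write(payload)
    return buf.getvalue()


if __name__ == "__main__":
    # Shape of the reported attachment: .pdf.gz wrapping a PE-looking .exe.
    sample = make_sample_gzip("DOC-4529464927595.exe", b"MZ" + b"\x00" * 62)
    print(triage("DOC-4529464927595.pdf.gz", sample))
    # Constructed RAR-magic blob under a ".gz" name: the type mismatch case.
    print(triage("DOC-4529464927595.pdf.gz", b"Rar!\x1a\x07\x00" + b"\x00" * 16))
```

Reading FNAME from the header is deliberate: it reveals what the archive claims to contain before any decompression runs, so a gateway can block on an inner ".exe" without exposing itself to decompression bombs or parser bugs. The name is attacker-controlled, so treat it as a signal, not as proof of the member's real type.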
Intelligence


File Origin
# of uploads: 1
# of downloads: 80
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-07-07 18:26:09 UTC
AV detection: 21 of 48 (43.75%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  AgentTesla
    gz e16b7cec308d88991094f7b668e21f0782f7547456f9ccf2d48239ea5eb8a16f (this sample)
      Dropping: AgentTesla

Delivery method: Distributed via e-mail attachment
