MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e8a4bd1fc1717a7235b42fb02c8a3477d71b2bd143f87c93fe01af6076a2e594. MalwareBazaar tries to determine whether a submitted sample is malicious, but there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 4



SHA256 hash: e8a4bd1fc1717a7235b42fb02c8a3477d71b2bd143f87c93fe01af6076a2e594
SHA3-384 hash: e42de7327e7e14b8538d1d4b5653b48804289c3dd2894771ac2b921e0f81a6f842626c0886263d6526348bdf2f50ac76
SHA1 hash: 35638a7f3d3ed2fcb380feec572f215ded844d86
MD5 hash: c4505f32750a5b89d2eb77c1d3db6e68
humanhash: green-xray-illinois-muppet
File name: (Invoices)_Last_Shipment.7z
Signature: AgentTesla
File size: 1'003'612 bytes
First seen: 2020-12-21 14:00:54 UTC
Last seen: 2020-12-22 08:30:19 UTC
File type: 7z
MIME type: application/x-7z-compressed
ssdeep: 24576:eF2AVkf+hOmNSYJUpalMtnbtoPmG7btjL4E0APV5m+u:a2AX3Nly+/1jL1Dbmv
TLSH: D625330A0D7E4609EB57107CBD8991A0C470CFA4292A05DBB109CE92D9775DFB6C9F3B
Reporter: cocaman
Tags: 7z
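Before loading a downloaded copy of this sample into a sandbox or sharing it, confirm that the bytes on disk are the ones this entry describes. The script below is an added example, not part of MalwareBazaar or this page; it recomputes the four digests listed above (all available in Python's standard hashlib), checks the listed size, and checks that the file really starts with the 7-Zip signature `37 7A BC AF 27 1C` that the declared file type and MIME type imply. The ENTRY values are copied from this page; the sample bytes are not included here, so the script takes a path on the command line.

```python
import hashlib

# Hashes, size and file type exactly as listed in this MalwareBazaar entry.
ENTRY = {
    "sha256": "e8a4bd1fc1717a7235b42fb02c8a3477d71b2bd143f87c93fe01af6076a2e594",
    "sha3_384": "e42de7327e7e14b8538d1d4b5653b48804289c3dd2894771ac2b921e0f81a6f8"
                "42626c0886263d6526348bdf2f50ac76",
    "sha1": "35638a7f3d3ed2fcb380feec572f215ded844d86",
    "md5": "c4505f32750a5b89d2eb77c1d3db6e68",
    "size": 1003612,
    "file_type": "7z",
}

# Magic bytes per declared file type; every .7z archive starts with these six.
MAGIC = {"7z": b"7z\xbc\xaf\x27\x1c"}


def digests(data: bytes) -> dict:
    """Compute the four digests MalwareBazaar lists for every sample."""
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "md5": hashlib.md5(data).hexdigest(),
    }


def verify_sample(data: bytes, entry: dict = ENTRY) -> dict:
    """Compare file bytes against an entry; return one boolean per check."""
    computed = digests(data)
    result = {name: computed[name] == entry[name].lower() for name in computed}
    result["size"] = len(data) == entry["size"]
    magic = MAGIC.get(entry["file_type"])
    # A hash match already proves identity; the magic check catches the
    # common case of an entry whose declared type does not match the bytes.
    result["file_type"] = magic is not None and data.startswith(magic)
    return result


def is_match(data: bytes, entry: dict = ENTRY) -> bool:
    """True only if every digest, the size and the magic all agree."""
    return all(verify_sample(data, entry).values())


if __name__ == "__main__":
    import sys

    with open(sys.argv[1], "rb") as f:
        blob = f.read()
    for check, ok in verify_sample(blob).items():
        print(f"{check:10s} {'OK' if ok else 'MISMATCH'}")
```

Any single MISMATCH means you are not holding the file this entry describes (a re-packed archive, a truncated download, or a different submission), and the IOCs on this page should not be attached to it.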


cocaman
Malicious email (T1566.001)
From: "Saranyoo Kutchakorn (DHL TH)" <5idhl_noreply@dhl.com> (likely spoofed)
Received: from dhl.com (unknown [103.99.1.146])
Date: 21 Dec 2020 05:56:06 -0800
Subject: [URGENT] Invoices last shipment
Attachment: (Invoices)_Last_Shipment.7z
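The reporter's header excerpt shows why the From address is flagged as likely spoofed: the connecting host greeted as `dhl.com`, but the receiving MTA logged its reverse DNS as `unknown` (the Postfix/Sendmail convention for an IP with no PTR record), so nothing ties 103.99.1.146 to DHL. The script below is an added example, not part of the page or the reporter's comment; it re-types those header lines as a constructed sample (the page's outer quotes removed, and `Attachment:` kept as the reporter's own notation rather than an RFC 5322 header) and applies the three triage checks an analyst would run on such mail: HELO-vs-rDNS mismatch against the From domain, an archive attachment, and an urgency lure in the subject.

```python
import re

# Constructed reproduction of the header lines from the reporter's comment.
SAMPLE = """\
From: "Saranyoo Kutchakorn (DHL TH)" <5idhl_noreply@dhl.com>
Received: from dhl.com (unknown [103.99.1.146])
Date: 21 Dec 2020 05:56:06 -0800
Subject: [URGENT] Invoices last shipment
Attachment: (Invoices)_Last_Shipment.7z
"""

# "from HELO (RDNS [IP])" as written by Postfix/Sendmail-style MTAs; RDNS is
# the literal word "unknown" when the connecting IP has no PTR record.
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[]+)\s*\[(?P<ip>[^\]]+)\]\)"
)
ADDR_RE = re.compile(r"([^\s<>\"]+)@([^\s<>\"]+)")
ARCHIVE_EXT = (".7z", ".zip", ".rar", ".iso", ".img", ".ace", ".arj")


def parse_headers(raw: str) -> dict:
    """Map lower-cased header name to value; the first occurrence wins."""
    headers = {}
    for line in raw.splitlines():
        if ":" not in line:
            continue
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), value.strip())
    return headers


def triage(raw: str) -> list:
    """Return (finding, detail) tuples for a header set; empty means clean."""
    h = parse_headers(raw)
    findings = []

    m_from = ADDR_RE.search(h.get("from", ""))
    from_domain = m_from.group(2).lower() if m_from else None
    m_rcv = RECEIVED_RE.search(h.get("received", ""))
    if m_rcv and from_domain:
        helo = m_rcv.group("helo").lower()
        rdns = m_rcv.group("rdns").lower()
        ip = m_rcv.group("ip")
        # The host greets as the sender's own domain but has no reverse name
        # to back that up: the fingerprint of a forged From address.
        if helo == from_domain and rdns == "unknown":
            findings.append(("helo-spoofs-sender-domain",
                             f"{helo} claimed by {ip} with no PTR"))
        # A resolvable relay that is not under the sender's domain is worth a
        # look too (legitimate for third-party senders, so lower severity).
        elif rdns != "unknown" and not rdns.endswith(from_domain):
            findings.append(("rdns-outside-sender-domain",
                             f"{rdns} [{ip}] delivered mail for {from_domain}"))

    attachment = h.get("attachment", "").strip('"').lower()
    if attachment.endswith(ARCHIVE_EXT):
        findings.append(("archive-attachment", attachment))

    if "[urgent]" in h.get("subject", "").lower():
        findings.append(("urgency-lure", h["subject"]))
    return findings


if __name__ == "__main__":
    for finding, detail in triage(SAMPLE):
        print(f"{finding:28s} {detail}")
```

The checks are deliberately offline: a production version would add SPF and DMARC lookups for the From domain, but the header excerpt alone already supports the reporter's "likely spoofed" verdict.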

Intelligence


File Origin
Number of uploads: 3
Number of downloads: 109
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-12-21 14:01:06 UTC
File type: Binary (Archive)
Extracted files: 31
AV detection: 7 of 48 (14.58%)
Threat level: 5/5
Note: MalwareBazaar no longer provides a VirusTotal coverage score.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: AgentTesla
  7z e8a4bd1fc1717a7235b42fb02c8a3477d71b2bd143f87c93fe01af6076a2e594 (this sample)

Delivery method: Distributed via e-mail attachment
