MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c3e8fb1601a8797e7839652a7686a6476a6751373ecaa49f94e6c01085e7b3c1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla
Vendor detections: 6

SHA256 hash: c3e8fb1601a8797e7839652a7686a6476a6751373ecaa49f94e6c01085e7b3c1
SHA3-384 hash: 03d342a4b157336d5687f51b0813941b87d7957124a9b500e42f9f91fb3c2b676fca274d53a1b4b873a0d1fd2213d643
SHA1 hash: 37e524ad7d3ffcc28aa52402c3a740372ff7f5b6
MD5 hash: 18fe7f36e161b5233a1e5174871d5097
humanhash: item-carbon-one-potato
File name: INVOICE-ECNOG-0987765546799008780975433.scr.rar
Signature: AgentTesla
File size: 508'189 bytes
First seen: 2021-09-27 16:57:56 UTC
Last seen: 2021-09-28 05:51:44 UTC
File type: rar
MIME type: application/x-rar
ssdeep: 12288:btrFunFwy/6Zue/vtDsk/+7WZOZ2mrjpEeJpWf+jgidiHpxX2BkI:DryCDHtDt/+79ZfRpSf+jgi8xX2KI
TLSH: T1C4B423F33252272A6DFD921C24B75820BE96F2C2B65C699F391F58EF80B653046FD418
Reporter: @fabjer
Tags: AgentTesla rar

Intelligence


File Origin
# of uploads: 2
# of downloads: 187
Origin country: FR
Mail intelligence: No data

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Spyware.Noon
Status: Malicious
First seen: 2021-09-27 11:01:02 UTC
AV detection: 14 of 28 (50.00%)
Threat level: 2/5

Result
Malware family: agenttesla
Score: 10/10
Tags: family:agenttesla keylogger spyware stealer trojan
Behaviour:
Creates scheduled task(s)
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Suspicious use of SetThreadContext
AgentTesla Payload
AgentTesla

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Malspam (Distributed via e-mail attachment)
Malware family: AgentTesla
File type: rar
SHA256: c3e8fb1601a8797e7839652a7686a6476a6751373ecaa49f94e6c01085e7b3c1 (this sample)

Comments