MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 08946305fd95097bd28e16308d49a9798c68d5afd1403fd889bf32a12ad31842. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	08946305fd95097bd28e16308d49a9798c68d5afd1403fd889bf32a12ad31842
SHA3-384 hash:	0d03d07c6aaf77a7c96c4ecaf6c8cfcd9e499c8cbc5516d9cdc12234884a33a9a1b6b388128623997c903b20fd00e6ea
SHA1 hash:	32d83ac28074f65db1aa0e0bea0fc06b5709150e
MD5 hash:	300752264d46cfd0cabd1f34336d5dbb
humanhash:	timing-jupiter-uranus-apart
File name:	2009025C##.zip
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	704'480 bytes
First seen:	2021-04-14 16:55:11 UTC
Last seen:	Never
File type:	zip
MIME type:	application/zip
ssdeep	12288:fJDi+rvufpfwTFQoij/jwo78MB3fKN9C4F0rPc15Tt2OTPnk9X9j/97RQS+h:fJ+wvuaCR5gs3f4APSTt2IPk9XR9e7h
TLSH	7BE4233BF29570318C670D6FED5C0CA63B2C5984A73DA943CB76C80E4E4A5A57F64CA2
Reporter	GovCERT_CH
Tags:	AgentTesla

Intelligence

File Origin

# of uploads :

1

# of downloads :

93

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

Sanesecurity.Foxhole.Zip_hidden.UNOFFICIAL

SecuriteInfo.com.Trojan.PackedNET.646-1.UNOFFICIAL

Result

Verdict:

MALICIOUS

Link:

https://labs.inquest.net/dfi/sha256/08946305fd95097bd28e16308d49a9798c68d5afd1403fd889bf32a12ad31842

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/08946305fd95097bd28e16308d49a9798c68d5afd1403fd889bf32a12ad31842/

Threat name:

Win32.Trojan.AgentTesla

Status:

Malicious

First seen:

2021-04-13 21:58:28 UTC

AV detection:

20 of 47 (42.55%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=bckggbp5suexxuuocyyi2snjpgggrvnp2fad7wejx4zkckwtdbba._file

Result

Malware family:

agenttesla

Score:

10/10

Tags:

family:agenttesla keylogger persistence spyware stealer trojan

Link:

https://tria.ge/reports/210414-3rq5q2nben/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Suspicious use of SetThreadContext

Adds Run key to start application

Drops file in Drivers directory

AgentTesla Payload

AgentTesla

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Remcos

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/08946305fd95097bd28e16308d49a9798c68d5afd1403fd889bf32a12ad31842

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

zip 08946305fd95097bd28e16308d49a9798c68d5afd1403fd889bf32a12ad31842

(this sample)

exe f3ce6962e0e3ac2cb3384df02bf0e4851362eeceae101d92f26ba641e4846e20

Dropped by

AgentTesla

Delivery method

Distributed via e-mail attachment

Dropping

SHA256 f3ce6962e0e3ac2cb3384df02bf0e4851362eeceae101d92f26ba641e4846e20

Dropping

MD5 cd9937bc9b32cbcd0d7b2968958a4ac0

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample