MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0b0b1eac12fb2d2c4ea6cb428799e00a259f13bce6128137e8c74acb0fc19fd3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0b0b1eac12fb2d2c4ea6cb428799e00a259f13bce6128137e8c74acb0fc19fd3
SHA3-384 hash: 37c3b7de1ad5e08bb9392d92867be1c656dfd03ecc9549f3dca1a95dbddf80273752efaef3df9e536946112815f8ff4d
SHA1 hash: 3769bef8a6c9aa252b50c596a19a3b58f4fa3d16
MD5 hash: 2ffc22d15533f8fb70d667fe3c6f7fa4
humanhash: harry-muppet-grey-connecticut
File name:PO Number 09211.gz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:608'605 bytes
First seen:2021-04-12 15:27:54 UTC
Last seen:Never
File type: gz
MIME type:application/gzip
ssdeep 12288:yz6fz4dbA7MHHHedV6SMRcllpG/+Al8sLKgybqnucb7l6G2j:y6b4RA7MHHHedVqillpG+Ar7ybUr7lsj
TLSH 9AD4235BFE8D2F7EA99E429325F680342DB3C744BF0B0D943505553BDAB818D0EA984E
Reporter cocaman
Tags:AgentTesla gz


Avatar
cocaman
Malicious email (T1566.001)
From: "Verna <verna@vsgengineeeringllc.com>" (likely spoofed)
Received: "from cloud.sapprints.com (cloud.sapprints.com [103.14.96.212]) "
Date: "Mon, 12 Apr 2021 05:10:45 -0700"
Subject: "Purchase Order Number 09211"
Attachment: "PO Number 09211.gz"

Intelligence

File Origin
# of uploads :
1
# of downloads :
192
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.PackedNET.644-1.UNOFFICIAL
Create hunting rule

Result
Verdict:
SUSPICIOUS
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/0b0b1eac12fb2d2c4ea6cb428799e00a259f13bce6128137e8c74acb0fc19fd3/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2021-04-12 12:27:58 UTC
File Type:
Binary (Archive)
Extracted files:
18
AV detection:
21 of 47 (44.68%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=bmfr5las7mwsytvgznbipgpabisz6e544yjicn7iy5fmwd6bt7jq._file
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla evasion keylogger spyware stealer trojan
Link:
https://tria.ge/reports/210412-hwsqfhka22/
Behaviour
Creates scheduled task(s)
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Suspicious use of SetThreadContext
Maps connected drives based on registry
Checks BIOS information in registry
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Looks for VMWare Tools registry key
AgentTesla Payload
Looks for VirtualBox Guest Additions in registry
AgentTesla
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.54
Link:
https://yomi.yoroi.company/submissions/0b0b1eac12fb2d2c4ea6cb428799e00a259f13bce6128137e8c74acb0fc19fd3

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz 0b0b1eac12fb2d2c4ea6cb428799e00a259f13bce6128137e8c74acb0fc19fd3

(this sample)

AgentTesla

Executable exe 57b2a44351febaa40160b21423b5f084f15802290e82910cd3d94331eb3e3791

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 57b2a44351febaa40160b21423b5f084f15802290e82910cd3d94331eb3e3791
  
Dropping
AgentTesla

Comments