MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0c437722b4a61ee33d80279cbaf8b88b38b34601d4263c226f1ce13b0f9314f7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0c437722b4a61ee33d80279cbaf8b88b38b34601d4263c226f1ce13b0f9314f7
SHA3-384 hash: 4aa2c011297d3416e9315231825baed1131659089eaf20271e3d2795b33fa8ccf7dfc90c2cf0d5e1e21c47c7d67721e8
SHA1 hash: e0219f37237d16d577d2391a5871b57c3a790931
MD5 hash: 2446139e6789f5f1e92848ce9d8690e8
humanhash: william-lemon-cardinal-summer
File name:PO.r15
Download: download sample
Signature AgentTesla
Create hunting rule
File size:538'879 bytes
First seen:2021-06-22 05:56:55 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:sbz37t6ksjwPkLbTZq1PpH9V/Tcx4HYu/ms1ELadT3vp:s7sksjkkL/sP31wx4HYu/m+dTR
TLSH D0B423EAD2FCECA670ED86C710108E5C817178F328524FB9255E7689E65BA8F36C0D47
Reporter cocaman
Tags:AgentTesla r15 rar


Avatar
cocaman
Malicious email (T1566.001)
From: ""finance@vrlogistic.co.in"<finance@vrlogistic.co.in>" (likely spoofed)
Received: "from vrlogistic.co.in (unknown [185.222.57.200]) "
Date: "21 Jun 2021 17:44:14 -0700"
Subject: "Re: New Order"
Attachment: "PO.r15"

Intelligence

File Origin
# of uploads :
1
# of downloads :
127
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.24559.RarHeur.UNOFFICIAL
Create hunting rule

Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/0c437722b4a61ee33d80279cbaf8b88b38b34601d4263c226f1ce13b0f9314f7/
Threat name:
Win32.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2021-06-22 05:57:11 UTC
File Type:
Binary (Archive)
Extracted files:
10
AV detection:
13 of 46 (28.26%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=brbxoivuuypogpmae6olv6fyrm4lgrqb2qtdyitpdtqtwd4tct3q._file
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla keylogger persistence spyware stealer trojan
Link:
https://tria.ge/reports/210622-qqnsntrke6/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Adds Run key to start application
Drops file in Drivers directory
AgentTesla Payload
AgentTesla
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/0c437722b4a61ee33d80279cbaf8b88b38b34601d4263c226f1ce13b0f9314f7

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 0c437722b4a61ee33d80279cbaf8b88b38b34601d4263c226f1ce13b0f9314f7

(this sample)

AgentTesla

Executable exe 30c7b7df9419748053c69c09c0a485493dc2d0bcd304d6bfd1b3a6c6118a2e2b

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 30c7b7df9419748053c69c09c0a485493dc2d0bcd304d6bfd1b3a6c6118a2e2b

Comments