MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0ccdca6011b0a5dd0118d0deb07137f53345839ca85fda38d709a17febb074a5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0ccdca6011b0a5dd0118d0deb07137f53345839ca85fda38d709a17febb074a5
SHA3-384 hash: 8d7ee3124a67342d7673dd428ea256cb5ca899ae57e9f462822a7a24cf21adada65fb2a38037c6367a32d17a73987a87
SHA1 hash: bfdffc92590cf06f58284ba086dd56f74a5d55f5
MD5 hash: 4f7f9324e75de01aa60820a776fb25e2
humanhash: potato-berlin-london-mike
File name:Ship�s particular.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:667'666 bytes
First seen:2021-07-09 04:40:00 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:xpRXO0wZIR7Luyx1pdSU9v4WVFE3VkjImIFTJEoV4EzJBsSYq/iO6KYFQnvaHZHO:FyZK3u2pdZRfVFEqctdJEoV4E9HK5deb
TLSH T1CFE423495583560F9D0DBF416AD32F962A5BF655283D1834828358E3DB8BB3881CB7F3
Reporter cocaman
Tags:AgentTesla rar


Avatar
cocaman
Malicious email (T1566.001)
From: "Cosco shipping specialized carriers<liuhs@coscol.com>" (likely spoofed)
Received: "from coscol.com (unknown [212.60.13.5]) "
Date: "08 Jul 2021 09:02:24 -0700"
Subject: "m/v da tong yun agency appointment for discharging operations"
Attachment: "Ship�s particular.rar"

Intelligence

File Origin
# of uploads :
1
# of downloads :
119
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/0ccdca6011b0a5dd0118d0deb07137f53345839ca85fda38d709a17febb074a5/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2021-07-08 16:04:24 UTC
File Type:
Binary (Archive)
Extracted files:
26
AV detection:
10 of 29 (34.48%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=btg4uyarwcs52aiy2dpla4jx6uzula44vbp5uogxbgqx725qossq._file
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla keylogger spyware stealer trojan
Link:
https://tria.ge/reports/210709-njxl5h8y5s/
Behaviour
Creates scheduled task(s)
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Suspicious use of SetThreadContext
Reads user/profile data of local email clients
Reads user/profile data of web browsers
AgentTesla Payload
AgentTesla
Malware Config
C2 Extraction:
https://api.telegram.org/bot1765743101:AAFjAIqoiFu5pUMytacYpCrgIdiSe6mbRkM/sendDocument
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/0ccdca6011b0a5dd0118d0deb07137f53345839ca85fda38d709a17febb074a5

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 0ccdca6011b0a5dd0118d0deb07137f53345839ca85fda38d709a17febb074a5

(this sample)

AgentTesla

Executable exe 8f463e29a0ad7a756e1783e2aef3c46029dd74626a7c437772849ab921926b0c

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 8f463e29a0ad7a756e1783e2aef3c46029dd74626a7c437772849ab921926b0c

Comments