MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0e97a4e932e5eaa3f62473d8865ab55950183d7b0ed04cff3d06a96c2d919cdd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0e97a4e932e5eaa3f62473d8865ab55950183d7b0ed04cff3d06a96c2d919cdd
SHA3-384 hash: 131c585bfa722ce07c465d76e82d33c2da34544a4b4ff4d48a26e44d2d9883442eceefb6d681e494a7871578a67c62a8
SHA1 hash: 0114886896b9e89b91b3b391297cd2741ff4d57e
MD5 hash: 5dbcaf19f445bd7d6777b38763fc17e4
humanhash: florida-floor-india-alaska
File name:India CI PL Puss N Boots rev�.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:364'082 bytes
First seen:2022-12-18 12:35:59 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:dJ8O7RQ1ywVrdevc658TpEUhvKxgD8aQq9tNxBXUyZtBRnjPvSpGCd:dJ8O7VwN60yOLTXtBGBd
TLSH T18C74235176D103B97F63E4BB2E095C1477076BCC4AB4DFD4A824C9AFA99A1F83A3214C
TrID 80.0% (.ZIP) ZIP compressed archive (4000/1)
20.0% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter cocaman
Tags:AgentTesla zip


Avatar
cocaman
Malicious email (T1566.001)
From: "=?UTF-8?B?Vmlub2QgS3VtYXLCoA==?=<vinod@consortiumgifts.com>" (likely spoofed)
Received: "from consortiumgifts.com (unknown [45.137.22.173]) "
Date: "15 Dec 2022 10:35:19 +0100"
Subject: "RE:NEW SHIPPMENT "
Attachment: "India CI PL Puss N Boots rev�.zip"

Intelligence

File Origin
# of uploads :
1
# of downloads :
123
Origin country :
n/a
File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name:India CI PL Puss N Boots revÿ.exe
File size:488'448 bytes
SHA256 hash: 7caee77923f5ac934e4f2eef1cef871dd7664a62105be162f3011b9362161000
MD5 hash: 4d45941bacd0b91bbb6a0e9290d48edc
MIME type:application/x-dosexec
Signature AgentTesla
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Win64.PWSX-gen.9916.32225.UNOFFICIAL
Create hunting rule

Result
Verdict:
Unknown
File Type:
PE File
Link:
https://app.docguard.net/0e97a4e932e5eaa3f62473d8865ab55950183d7b0ed04cff3d06a96c2d919cdd/results/dashboard
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
packed
Link:
https://www.filescan.io/uploads/639f09336d67fcee0f9ab596/reports/6bc04c46-fde6-409d-8139-258826098547/overview
Result
Verdict:
MALICIOUS
Link:
https://labs.inquest.net/dfi/sha256/0e97a4e932e5eaa3f62473d8865ab55950183d7b0ed04cff3d06a96c2d919cdd
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/0e97a4e932e5eaa3f62473d8865ab55950183d7b0ed04cff3d06a96c2d919cdd/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2022-12-15 04:40:56 UTC
File Type:
Binary (Archive)
Extracted files:
4
AV detection:
17 of 40 (42.50%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=b2l2j2js4xvkh5reopmimwvvlfibqpl3b3iez7z5a2uwylmrttoq._file
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla collection keylogger spyware stealer trojan
Link:
https://tria.ge/reports/221218-qjybgacb29/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
outlook_office_path
outlook_win_path
Suspicious use of SetThreadContext
Accesses Microsoft Outlook profiles
AgentTesla
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.35
Link:
https://yomi.yoroi.company/submissions/0e97a4e932e5eaa3f62473d8865ab55950183d7b0ed04cff3d06a96c2d919cdd

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 0e97a4e932e5eaa3f62473d8865ab55950183d7b0ed04cff3d06a96c2d919cdd

(this sample)

AgentTesla

Executable exe 7caee77923f5ac934e4f2eef1cef871dd7664a62105be162f3011b9362161000

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 7caee77923f5ac934e4f2eef1cef871dd7664a62105be162f3011b9362161000
  
Dropping
AgentTesla

Comments