MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0edb8c8d9ff0709677aca64cc723b82302d244cfb9dc69129674aa417d495321. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0edb8c8d9ff0709677aca64cc723b82302d244cfb9dc69129674aa417d495321
SHA3-384 hash: 168a0beae01706ee29f859b2406bc878c1f10978c31b8fbcae6744454fd7c78598fc274ba7595c2c2f5ae40e284046ba
SHA1 hash: 875c610a50fa8e58a394bcf4a4fb7cd28ea2918e
MD5 hash: 18b44f77e1e7745e9fd83d75ad01df91
humanhash: high-foxtrot-finch-freddie
File name:Invoice 01859.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:506'648 bytes
First seen:2021-04-28 11:24:23 UTC
Last seen:2021-04-29 18:32:27 UTC
File type: rar
MIME type:application/x-rar
ssdeep 12288:81QmaToe3iE5NAN15sCs7nhQwbLwTK0kMUoUZf7qR3wBMUoB:cQZhWpfsmokTK01UT57qR3WMUS
TLSH E2B423894D0A8690B960C21D91EF650F583CD4A7BD6CE828FFCE9842B932C9D4C7B75D
Reporter cocaman
Tags:AgentTesla INVOICE rar


Avatar
cocaman
Malicious email (T1566.001)
From: "accounts@ccmarine.in" (likely spoofed)
Received: "from ccmarine.in (unknown [185.222.57.216]) "
Date: "28 Apr 2021 03:29:11 -0700"
Subject: "Re-Confirm Attached Invoice For Payment Process"
Attachment: "Invoice 01859.rar"

Intelligence

File Origin
# of uploads :
3
# of downloads :
100
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/0edb8c8d9ff0709677aca64cc723b82302d244cfb9dc69129674aa417d495321/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2021-04-28 10:32:06 UTC
File Type:
Binary (Archive)
Extracted files:
18
AV detection:
11 of 29 (37.93%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=b3nyzdm76byjm55muzgmoi5yembnergpxhogseuwosvec7kjkmqq._file
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla keylogger persistence spyware stealer trojan
Link:
https://tria.ge/reports/210428-1hnqeh574n/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Adds Run key to start application
Drops file in Drivers directory
AgentTesla Payload
AgentTesla
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
AgentTesla
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/0edb8c8d9ff0709677aca64cc723b82302d244cfb9dc69129674aa417d495321

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 0edb8c8d9ff0709677aca64cc723b82302d244cfb9dc69129674aa417d495321

(this sample)

AgentTesla

Executable exe 66c452b78b6021522f6b726773698cf4bc94e3e6a6b220ca930996afb30fab7c

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 66c452b78b6021522f6b726773698cf4bc94e3e6a6b220ca930996afb30fab7c
  
Dropping
AgentTesla

Comments