MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 133cf5e1936834372a85e49df50d3246283100b13bb2f1f695ea77333756d960. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 133cf5e1936834372a85e49df50d3246283100b13bb2f1f695ea77333756d960
SHA3-384 hash: d114c3afa32263db68a0655443930baaa8251626173c013d65b79fc5c23836c636325aecb99051b1bebf30a91e4855f9
SHA1 hash: 5d68cc9f1f111225ba7d009fbb314a4a9c839ca2
MD5 hash: ce47b6121ac5b0bdfee736a9981540df
humanhash: seventeen-harry-chicken-twenty
File name:numero de referencia de los documentos de envio..gz....pdf
Download: download sample
Signature AgentTesla
Create hunting rule
File size:681'672 bytes
First seen:2021-05-07 13:47:13 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:FjGDofFAnIyecsv3KRQBJWelzGF+K9LYA11gfRBsv8A6o7IdmpLLs0fU:ADesIHcWRBJ71Y+gcA11my8AV7Idmhc
TLSH 4EE42374EC9F71B20B0066A197F1FFE9A3087D5530F7225636C66368889587CC8D39BA
Reporter cocaman
Tags:DHL pdf


Avatar
cocaman
Malicious email (T1566.001)
From: "Gerente de carga de DHL <pagos.fletes@dhl.com>" (likely spoofed)
Received: "from vps.chomga.com (slot0.chomga.com [185.121.120.135]) "
Date: "Fri, 07 May 2021 14:07:32 +0100"
Subject: "Nueva =?UTF-8?Q?notificaci=C3=B3n=20de=20env=C3=ADo=20de=20DHL=23?="
Attachment: "numero de referencia de los documentos de envio..gz....pdf"

Intelligence

File Origin
# of uploads :
1
# of downloads :
202
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/133cf5e1936834372a85e49df50d3246283100b13bb2f1f695ea77333756d960/
Threat name:
ByteCode-MSIL.Infostealer.Coins
Create hunting rule
Status:
Malicious
First seen:
2021-05-07 13:48:16 UTC
File Type:
Binary (Archive)
Extracted files:
6
AV detection:
4 of 46 (8.70%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=cm6plymtna2dokuf4so7kdjsiyudcafrhozpd5uv5j3tgn2w3fqa._file
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla keylogger spyware stealer trojan
Link:
https://tria.ge/reports/210507-vcd8d7j42n/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
AgentTesla Payload
AgentTesla
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/133cf5e1936834372a85e49df50d3246283100b13bb2f1f695ea77333756d960

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 133cf5e1936834372a85e49df50d3246283100b13bb2f1f695ea77333756d960

(this sample)

AgentTesla

Executable exe 7e1aa246e5ed02c2c9bd9fb175a973035e8ba0cd587e9c7f3b2e815017398c9f

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 7e1aa246e5ed02c2c9bd9fb175a973035e8ba0cd587e9c7f3b2e815017398c9f

Comments