MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1656c8b0d2cf6a2c990f87b2774a242cccc62ce6b9cd725cc5d5b3ef46585734. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1656c8b0d2cf6a2c990f87b2774a242cccc62ce6b9cd725cc5d5b3ef46585734
SHA3-384 hash: da5245ab7433862b7919542b7f7e3ed90a1ff19e96bb90137e8a183b03c9f3ae75d2ab8b63a364acc21fc0c3ae5a4502
SHA1 hash: dc132ac636607071efa970451a3ae454972b0a59
MD5 hash: df83dd99902d5cfeb821b47c703f2603
humanhash: india-music-nevada-delaware
File name:DHL_Waybill_596003711.xlsx
Download: download sample
Signature AgentTesla
Create hunting rule
File size:40'010 bytes
First seen:2020-05-08 11:02:14 UTC
Last seen:Never
File type:Excel file xlsx
MIME type:application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
ssdeep 768:EHsqmyvYvFuggVUYRhfLTG4uc3ObCOeQbMemBvcSszd5iqhFYPR07MiOGxkO:kfvYvFZQUUhO4umObCOZQrKviqhoR07Z
Threatray 10'689 similar samples on MalwareBazaar
TLSH 4603F1D0A5E6785CC3FE903ACC9A333D4BD839061A43070B6F903998BDEEEF8155A555
Reporter jarumlus
Tags:AgentTesla

Intelligence

File Origin
# of uploads :
1
# of downloads :
87
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Malware.XML.Autoload-1.UNOFFICIAL
Create hunting rule

TwinWave.EvilDoc.EQAndMisCasedOleNativeWasTheCaseThatTheyGaveMe.20200215.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Document-Word.Exploit.CVE-2017-11882
Create hunting rule
Status:
Malicious
First seen:
2020-04-30 06:37:14 UTC
File Type:
Document
Extracted files:
15
AV detection:
16 of 31 (51.61%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=czlmrmgsz5vczgipq6zhosreftgmmlhgxhgxexgf2wz66rsyk42a._file
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
0af91caf5bfd256133203be73629b6fc15dda3a6d11b007549babf7118763cfe
AgentTesla
1b8967747fc03efc0867c491b18e3f3be0b35b9c068499ae3d35f6e860f6ec7d
AgentTesla
217b725d60bbb5cd972b449e8dc966492ea4f229455b420f30b8169412553c83
AgentTesla
47ff742f6ae59b63d6ac7dceacf44797a36f453b95813dd19fef90cd86bfe580
AgentTesla
663277c04235edb713829c334eb54aba6c34bb2c12c92b0f7df97a08df5d5d48
AgentTesla
6b239e6d6e691710a8482ee2679b39cbf372c15db6e82a00757fb7c4a7f36127
AgentTesla
91af9754037394b1767f053d85d87630bed3ba9a52ca6865c2805b8c733b1b5c
AgentTesla
b691873f9ddb9f018597d0551714cc1cf7148d02c3e9e75e3f5db59ff89fa59e
AgentTesla
d23160f942937c33e3a828ca8eb3caa8ed69dc8295b9a019b66b16dbd1a2a0c2
AgentTesla
e0f4d5681c4d19ec5ea23db306f6956889ab939a392113ad631a31bdcbd57d21
AgentTesla
+ 10'679 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-l7b988s3v2/
Behaviour
Checks processor information in registry
Enumerates system info in registry
Launches Equation Editor
Modifies Internet Explorer settings
Suspicious behavior: AddClipboardFormatListener
Suspicious use of SetWindowsHookEx
Blacklisted process makes network request
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

Excel file xlsx 1656c8b0d2cf6a2c990f87b2774a242cccc62ce6b9cd725cc5d5b3ef46585734

(this sample)

AgentTesla

Executable exe e0f4d5681c4d19ec5ea23db306f6956889ab939a392113ad631a31bdcbd57d21

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 e0f4d5681c4d19ec5ea23db306f6956889ab939a392113ad631a31bdcbd57d21
  
Dropping
MD5 24739fb9e71cabc65cc2bca23e1b6b76

Comments