MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 191d5be451e6dfe59a04142c04f9becdd4e4595742cb30a212a530efdf990926. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 191d5be451e6dfe59a04142c04f9becdd4e4595742cb30a212a530efdf990926
SHA3-384 hash: 8a3875f0704c62fd8d5132083bfe93b254773abb2e6f4f151d1a9a153a318617d90762bb54a00512b1b3d82995fb196b
SHA1 hash: a00f3f3e9f4db9fe882c5a02d93152cf1aa5628e
MD5 hash: 2c6b9917962d7dcd200fdb0669d187e7
humanhash: early-cola-charlie-alabama
File name:SWIFT CODE.r15
Download: download sample
Signature AgentTesla
Create hunting rule
File size:427'827 bytes
First seen:2021-10-12 05:48:15 UTC
Last seen:2021-10-12 05:48:57 UTC
File type: rar
MIME type:application/x-rar
ssdeep 12288:rr+sBhjEyQoEfjMoAMEEq6rQTt4+MffMAr+b7BBYj50Wz:/+C4fjkM06sJdAr+fBu9z
TLSH T1909423CF489B5FC00F90E1B98BE73ACFF979064992DB7A9308755A47E6CC77158A2210
Reporter cocaman
Tags:AgentTesla r15 rar SWIFT


Avatar
cocaman
Malicious email (T1566.001)
From: "Sales@globetek.com" (likely spoofed)
Received: "from globetek.com (unknown [45.137.22.137]) "
Date: "12 Oct 2021 05:35:04 +0200"
Subject: "RE: INCORRECT BANK DETAILS/SWIFT CODE"
Attachment: "SWIFT CODE.r15"

Intelligence

File Origin
# of uploads :
3
# of downloads :
139
Origin country :
n/a
Vendor Threat Intelligence
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
obfuscated packed
Link:
https://www.filescan.io/uploads/616521d19fb4d8593d622723/reports/d5e2a73d-2299-4e35-99e6-bbf416bd5c3b/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/191d5be451e6dfe59a04142c04f9becdd4e4595742cb30a212a530efdf990926/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2021-10-12 02:05:46 UTC
AV detection:
11 of 45 (24.44%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=deovxzcr43p6lgqecqwaj6n6zxkoiwkxilftbiqsuuyo7x4zbeta._file
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla collection keylogger persistence spyware stealer trojan
Link:
https://tria.ge/reports/211012-gh17asbdf7/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
outlook_office_path
outlook_win_path
Suspicious use of SetThreadContext
Accesses Microsoft Outlook profiles
Adds Run key to start application
Drops file in Drivers directory
AgentTesla Payload
AgentTesla
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/191d5be451e6dfe59a04142c04f9becdd4e4595742cb30a212a530efdf990926

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 191d5be451e6dfe59a04142c04f9becdd4e4595742cb30a212a530efdf990926

(this sample)

AgentTesla

Executable exe f4f5e820b5256651b441c484c16a5b1155a679e1fc4182f2e5aa086866a8fc18

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 f4f5e820b5256651b441c484c16a5b1155a679e1fc4182f2e5aa086866a8fc18

Comments