MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 269c4d49f4199df590c3de0143d04944e646060c891e2e075c95d13e4c5699d7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: AgentTesla
Vendor detections: 6

SHA256 hash: 269c4d49f4199df590c3de0143d04944e646060c891e2e075c95d13e4c5699d7
SHA3-384 hash: 757621b71339ca19a413e2e7fc715c9721214f736cb286ff8f67e476a3b437c37a783cf3b1b10806c160413dd0765ffc
SHA1 hash: f53064308daaf5012ae26da7a2f18de34b4f23fe
MD5 hash: c36ad7f2af4301e441cc4a3145a83708
humanhash: eight-batman-berlin-king
File name: SOA COPY.zip
Signature: AgentTesla
File size: 552'615 bytes
First seen: 2021-04-20 20:51:14 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:UMzGGJILQRJaOplh588XPFAVAMbTXfJB9OhZMnOEugCoPPfg:/JILQ/1fyAM/fysOEumA
TLSH: D6C42387FA797B3742B065109A510B4B2DCBE203524EF64E9E052D7FE141ED0A37A3D6
Reporter: GovCERT_CH
Tags: AgentTesla

Intelligence

File Origin
# of uploads: 1
# of downloads: 71
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: MALICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: ByteCode-MSIL.Infostealer.Coins
Status: Malicious
First seen: 2021-04-20 09:41:54 UTC
AV detection: 15 of 29 (51.72%)
Threat level: 5/5

Result
Malware family: agenttesla
Score: 10/10
Tags: family:agenttesla keylogger persistence spyware stealer trojan
Behaviour:
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Adds Run key to start application
Drops file in Drivers directory
AgentTesla Payload
AgentTesla

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample, such as delivery method and external references.

Malspam: AgentTesla
  zip 269c4d49f4199df590c3de0143d04944e646060c891e2e075c95d13e4c5699d7 (this sample)
Dropped by: AgentTesla
Delivery method: Distributed via e-mail attachment
