MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2b8fa632ea18de00ff38bf12f6170cb14a0aae7aca07bdf0907f7dafcf679afe. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2b8fa632ea18de00ff38bf12f6170cb14a0aae7aca07bdf0907f7dafcf679afe
SHA3-384 hash: f7d19768aba68e537530e34d3b45038c3272c30058237dc68543cfb65315a87ebfaf6dbff8f84fac2d83aad94415e290
SHA1 hash: 3a51f68e57cf33634cb3d942ae05719740b38c48
MD5 hash: d557f61f0c43966511bd9712b91b134c
humanhash: burger-early-berlin-washington
File name:New Order.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'082'880 bytes
First seen:2021-01-07 14:09:38 UTC
Last seen:2021-01-07 15:32:03 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'661 x AgentTesla, 19'473 x Formbook, 12'208 x SnakeKeylogger)
ssdeep 24576:YRv+SpURJaGY7I5Q1u2rdid1Ap3LDG2dn26:GxmaGRG1u2rddp3PVnN
Threatray 1 similar samples on MalwareBazaar
TLSH AA35BF50A7A99BB0F1FF837C957A000097F4B580D79ACB3E7DA160EC2962346B875637
Reporter abuse_ch
Tags:AgentTesla exe


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: sino-steel.net
Sending IP: 69.12.73.228
From: Chad<sale22@sino-steel.net>
Reply-To: windowlinux551@gmail.com
Subject: New Order Request
Attachment: New Order.zip (contains "New Order.exe")

Intelligence

File Origin
# of uploads :
2
# of downloads :
231
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
New Order.exe
Verdict:
Malicious activity
Analysis date:
2021-01-07 14:23:54 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/bb03df60-6d22-401a-9fd8-5f69510c0519

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
AgentTeslaV3
Create hunting rule
Link:
https://www.capesandbox.com/analysis/110850/
Detection(s):
SecuriteInfo.com.ArtemisTrojan.6117.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Unauthorized injection to a recently created process
Creating a file
Result
Threat name:
Unknown
Detection:
suspicious
Classification:
n/a
Score:
24 / 100
Link:
https://www.joesandbox.com/analysis/575900
Signature
Initial sample is a PE file and has a suspicious name
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 337006 Sample: New Order.exe Startdate: 07/01/2021 Architecture: WINDOWS Score: 24 16 Initial sample is a PE file and has a suspicious name 2->16 6 New Order.exe 3 2->6         started        process3 process4 8 New Order.exe 6->8         started        10 New Order.exe 6->10         started        12 New Order.exe 6->12         started        14 2 other processes 6->14
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/2b8fa632ea18de00ff38bf12f6170cb14a0aae7aca07bdf0907f7dafcf679afe/
Threat name:
ByteCode-MSIL.Trojan.Pwsx
Create hunting rule
Status:
Malicious
First seen:
2021-01-07 14:10:12 UTC
AV detection:
13 of 28 (46.43%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=foh2mmxkddpab7zyx4jpmfymwffavlt2zid334eqp5627t3htl7a._file
Verdict:
unknown
Similar samples:
8428c5045d1fbd4ae7c0c020024e03ee55ac6c4116b4bd3dbcc4e9bf2580d727
AgentTesla
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/210107-klv687z1x6/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Unpacked files
SH256 hash:
51bc43ea3f9a3393b558ff8b32d1aafa7892b0e1e357788f5ea2b1cd5e113b63
MD5 hash:
d65cdd035be415fb784be22b31f36375
SHA1 hash:
9aa307fe40410240529e411145bb7a7ee8ecdd7a
Link:
https://www.unpac.me/results/858dd8eb-e910-4fac-ac4f-568fa52dff63/
SH256 hash:
78cc69e2bac1d1082fdcd12ab9f73c8fbe177d4c77c3741a1f675afc19fde7df
MD5 hash:
0d89407b450dd157f3eac8a3a3850a07
SHA1 hash:
ae3cd291f2a022360896d4fae4f005f2b50a8364
Link:
https://www.unpac.me/results/858dd8eb-e910-4fac-ac4f-568fa52dff63/
SH256 hash:
212e44bbe9775a3a5b539b9d1289cd80a84bfa7bd55e695cd488885fcf9ab19c
MD5 hash:
47e3899b21c0d6495e12b1abe5adb965
SHA1 hash:
b87726be5752892d4f8906800df7e3a734a07bcc
Link:
https://www.unpac.me/results/858dd8eb-e910-4fac-ac4f-568fa52dff63/
SH256 hash:
2b8fa632ea18de00ff38bf12f6170cb14a0aae7aca07bdf0907f7dafcf679afe
MD5 hash:
d557f61f0c43966511bd9712b91b134c
SHA1 hash:
3a51f68e57cf33634cb3d942ae05719740b38c48
Link:
https://www.unpac.me/results/858dd8eb-e910-4fac-ac4f-568fa52dff63/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/2b8fa632ea18de00ff38bf12f6170cb14a0aae7aca07bdf0907f7dafcf679afe

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip d29c745f93e92e4723419f19c291f9f3f73ace3a8a280b5104fbcbaa11d3ed01

AgentTesla

Executable exe 2b8fa632ea18de00ff38bf12f6170cb14a0aae7aca07bdf0907f7dafcf679afe

(this sample)

  
Dropped by
MD5 dba948ef276c7006efe14939e36b6dd4
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 d29c745f93e92e4723419f19c291f9f3f73ace3a8a280b5104fbcbaa11d3ed01
Cape
Cape
https://www.capesandbox.com/analysis/110850/

Comments