MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2c2e81670457af4e8cf55326d26fc449a1a30b1e047d2abe9a5faaebb4024f4e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2c2e81670457af4e8cf55326d26fc449a1a30b1e047d2abe9a5faaebb4024f4e
SHA3-384 hash: df740e1d8f89cb5f896d40b5f6a2531f8564659d246c3e24d3aa5923214f6026d7103b0f6c9698c2d97a993649084a87
SHA1 hash: da457fa8b5c8c926c209fd80c7888c7f7f5d2340
MD5 hash: b74c6eac5ef1aeef99933ff9bca06f41
humanhash: green-eighteen-wyoming-diet
File name:Shipping Docs.Commercial Invoice. Packing List. Bill of LandingTHS0094587.r17
Download: download sample
Signature AgentTesla
Create hunting rule
File size:214'675 bytes
First seen:2021-06-14 08:43:21 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:KxnyTsFU5C4OJo2DZb/4iHgPvCerQ/htgM:KxyTsFZ4OW2DZ74me6GQ/x
TLSH 242423BCE3362A52D3DF6A0CB24819EB3AC23E552D11D3D538636DA11AED57FB49D008
Reporter cocaman
Tags:AgentTesla INVOICE r17 rar


Avatar
cocaman
Malicious email (T1566.001)
From: "Lan Kim - Sales4 <asia@faircon.co.kr>" (likely spoofed)
Received: "from faircon.co.kr (unknown [203.159.80.83]) "
Date: "14 Jun 2021 09:53:21 +0200"
Subject: "FW: Shipping Docs//INV/PL/THS0094587"
Attachment: "Shipping Docs.Commercial Invoice. Packing List. Bill of LandingTHS0094587.r17"

Intelligence

File Origin
# of uploads :
1
# of downloads :
184
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/2c2e81670457af4e8cf55326d26fc449a1a30b1e047d2abe9a5faaebb4024f4e/
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=fqxiczyek6xu5dhvkmtne36ejgq2gcy6ar6svpu2l6voxnacj5ha._file
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla keylogger spyware stealer trojan
Link:
https://tria.ge/reports/210614-xrtarp51q2/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Suspicious use of SetThreadContext
Loads dropped DLL
AgentTesla Payload
AgentTesla
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
AgentTesla
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/2c2e81670457af4e8cf55326d26fc449a1a30b1e047d2abe9a5faaebb4024f4e

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 2c2e81670457af4e8cf55326d26fc449a1a30b1e047d2abe9a5faaebb4024f4e

(this sample)

AgentTesla

Executable exe 6920384d9876392a0ad476b75c5c45fec3933d379fada76802968e98c8184ed0

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 6920384d9876392a0ad476b75c5c45fec3933d379fada76802968e98c8184ed0
  
Dropping
AgentTesla

Comments