MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2dbfde1214b149951c26b4ea49847eedc3812dd54297619f70cccd03c8ee1e14. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2dbfde1214b149951c26b4ea49847eedc3812dd54297619f70cccd03c8ee1e14
SHA3-384 hash: 5b92b1221f0d34873a53b54fcbe6f33d10dc2c49cfbeb533772a1f2859c2fbda2f3de3f4eb092a1026ebd1797c720dcf
SHA1 hash: 09dc883ae347a01efb2b9497d94f4f633016af2e
MD5 hash: 78da93b670d32157af689461404fe310
humanhash: coffee-edward-monkey-hot
File name:Bank Slip.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:510'317 bytes
First seen:2022-07-29 07:24:59 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:NI1Wns62ieb/XdFcSgGRsubrRMY6YOFD/2IOxB7kw/yMjl:/1m/XdFdaFi9xKwRl
TLSH T188B423FFDAE219BE6D9D637EFA022D1B3E35780AC284A4DA1665C2B10797140441C7AD
TrID 80.0% (.ZIP) ZIP compressed archive (4000/1)
20.0% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter cocaman
Tags:AgentTesla INVOICE Shipping zip


Avatar
cocaman
Malicious email (T1566.001)
From: "Op-Tina <op@jrshipping.net>" (likely spoofed)
Received: "from jrshipping.net (unknown [103.170.255.231]) "
Date: "28 Jul 2022 21:08:39 -0700"
Subject: "INVOICE-Bank slip"
Attachment: "Bank Slip.zip"

Intelligence

File Origin
# of uploads :
1
# of downloads :
255
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.MSIL.Kryptik.WZA.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.Trojan.Siggen18.28299.UNOFFICIAL
Create hunting rule

Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
packed
Link:
https://www.filescan.io/uploads/62e3d092bcf76fcb6cce01cd/reports/a6d12749-9f93-4fb3-af89-96d73b866059/overview
Result
Verdict:
MALICIOUS
Link:
https://labs.inquest.net/dfi/sha256/2dbfde1214b149951c26b4ea49847eedc3812dd54297619f70cccd03c8ee1e14
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/2dbfde1214b149951c26b4ea49847eedc3812dd54297619f70cccd03c8ee1e14/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2022-07-29 03:44:13 UTC
File Type:
Binary (Archive)
Extracted files:
12
AV detection:
20 of 26 (76.92%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=fw754equwfezkhbgwtvetbd65xbycloviklwdh3qztgqhshodyka._file
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla collection keylogger persistence spyware stealer trojan
Link:
https://tria.ge/reports/220729-h8y1asfdb2/
Behaviour
Creates scheduled task(s)
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
outlook_office_path
outlook_win_path
Enumerates physical storage devices
Suspicious use of SetThreadContext
Accesses Microsoft Outlook profiles
Adds Run key to start application
Checks computer location settings
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Drops file in Drivers directory
AgentTesla
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 2dbfde1214b149951c26b4ea49847eedc3812dd54297619f70cccd03c8ee1e14

(this sample)

AgentTesla

Executable exe 6b5886e8959ca9827b490ef0b58665261612a999ab837d28b3b7eac6e7ff282c

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 6b5886e8959ca9827b490ef0b58665261612a999ab837d28b3b7eac6e7ff282c

Comments