MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2ffbc94fc6fd0a2f9fbfdeed2b0da1f1e6b74365a7e8907b774de73478e320c6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2ffbc94fc6fd0a2f9fbfdeed2b0da1f1e6b74365a7e8907b774de73478e320c6
SHA3-384 hash: a7b5256c58a30a600158fdd1061e09425bb43e9ac2b153a6985f1c767644f0dfb47bb70a8acdaa2ed014138e95693912
SHA1 hash: cec1b53af2b52375998d80d5d5ad6e477fc61aed
MD5 hash: a889c0c38a9d15dfe92d67ec3751efba
humanhash: four-ink-stairway-mountain
File name:pago_080402020184767.gz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:609'412 bytes
First seen:2021-05-26 05:41:04 UTC
Last seen:Never
File type: gz
MIME type:application/gzip
ssdeep 12288:4Q0rlF+bitycJxNLJwtEfkKq+FnXYBM7rfYQFlZt:49bmGyAVJwqfFlFnXYMfZ
TLSH B0D423709DCA35CF713534B3BB18D249EE182D9B65588E2BAC6188B4EDDC11498FB38D
Reporter cocaman
Tags:gz


Avatar
cocaman
Malicious email (T1566.001)
From: "JAIME PRADANA LOPEZ<jaime.pradana@bbva.com>" (likely spoofed)
Received: "from rdns0.bermudezbiscult.com (unknown [185.104.112.102]) "
Date: "26 May 2021 08:16:50 -0700"
Subject: "=?UTF-8?B?Y29uZmlybWFjacOzbiBkZSBwYWdvIDA4LTAgNC0yMDIx?="
Attachment: "pago_080402020184767.gz"

Intelligence

File Origin
# of uploads :
1
# of downloads :
88
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.PackedNET.647-1.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/2ffbc94fc6fd0a2f9fbfdeed2b0da1f1e6b74365a7e8907b774de73478e320c6/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2021-05-26 05:42:09 UTC
File Type:
Binary (Archive)
Extracted files:
26
AV detection:
23 of 46 (50.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=f754st6g7ufc7h5733wswdnb6htloq3fu7uja63xjxtti6hdedda._file
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla keylogger spyware stealer trojan
Link:
https://tria.ge/reports/210526-7stz329fz2/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
AgentTesla Payload
AgentTesla
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/2ffbc94fc6fd0a2f9fbfdeed2b0da1f1e6b74365a7e8907b774de73478e320c6

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz 2ffbc94fc6fd0a2f9fbfdeed2b0da1f1e6b74365a7e8907b774de73478e320c6

(this sample)

AgentTesla

Executable exe 8f413aa06fb8fbef72fbdc7d4a8966f77988665ef828733d4f4b19a1d83ce754

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 8f413aa06fb8fbef72fbdc7d4a8966f77988665ef828733d4f4b19a1d83ce754

Comments