MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 33adfcc3b09f4fc7d2596ec89d67bfc0fe883208e4e0250c8a7f3d5aacdde9c0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 33adfcc3b09f4fc7d2596ec89d67bfc0fe883208e4e0250c8a7f3d5aacdde9c0
SHA3-384 hash: c229983e042b213717bb162f3a216a691ed9b88a29cffe6923326149f8da1b62d1836dd8d36af2a52c5d33bebbbb1a8f
SHA1 hash: 736e92d2315787e3089d0b56d660677c44288839
MD5 hash: 6e52c86423b939a825f1013a414e486b
humanhash: apart-oscar-idaho-skylark
File name:PO-240621.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:388'799 bytes
First seen:2021-06-25 06:22:48 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:vr4GLk9xAOdLz9d+K1DVT8Bv5NXUIcC6CYaegzBSSmH8Y82A+n2CVps+urWbp1KJ:D4H9pl9cKJVov5NXUV9CY11Sb/+2ksOA
TLSH 0084233C262E36F97304C5E365494A8027406DEDFF1DED6EC8C32AC695E6262D8B390C
Reporter cocaman
Tags:AgentTesla rar


Avatar
cocaman
Malicious email (T1566.001)
From: "Dariusz Gawor <Dariusz.Gawor@tpteltech.pl>" (likely spoofed)
Received: "from hosting7.sartweb.pl (hosting7.sartweb.pl [94.23.94.138]) "
Date: "Thu, 24 Jun 2021 14:33:39 +0100"
Subject: "Purchase Order"
Attachment: "PO-240621.rar"

Intelligence

File Origin
# of uploads :
1
# of downloads :
135
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27572.Rar5Heur.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/33adfcc3b09f4fc7d2596ec89d67bfc0fe883208e4e0250c8a7f3d5aacdde9c0/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2021-06-24 13:52:49 UTC
AV detection:
9 of 45 (20.00%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=gow7zq5qt5h4puszn3ej2z57yd7iqmqi4tqckdekp46vvlg55haa._file
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla keylogger spyware stealer trojan
Link:
https://tria.ge/reports/210625-vdldbng5bn/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
AgentTesla Payload
AgentTesla
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/33adfcc3b09f4fc7d2596ec89d67bfc0fe883208e4e0250c8a7f3d5aacdde9c0

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 33adfcc3b09f4fc7d2596ec89d67bfc0fe883208e4e0250c8a7f3d5aacdde9c0

(this sample)

AgentTesla

Executable exe d71dcb4033372c29718b4946805429deca50ecedde74e761784917d771dc6e87

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 d71dcb4033372c29718b4946805429deca50ecedde74e761784917d771dc6e87
  
Dropping
AgentTesla

Comments