MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 34c3fb94605e71bc4fd8ef9af5ac2ebc42c055c7b7ac3a72053f59c2ccd400bd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 34c3fb94605e71bc4fd8ef9af5ac2ebc42c055c7b7ac3a72053f59c2ccd400bd
SHA3-384 hash: fff4cf433bf916624ef97a39b750dedadf7a69e10755c97771bdf7f5c34a628f5971169ce48d5ac7a09bf9653782def5
SHA1 hash: b01e8c2d7c7f4ce2aee64d145a0011aaa2bf1548
MD5 hash: a085f18120dd82c04923293958406120
humanhash: johnny-cold-fifteen-alpha
File name:BL-210915L0.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:414'079 bytes
First seen:2021-10-12 05:55:24 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:oxoJ3cEnAAmvPxE6Gm5sncZ5EfLJUWfnKRx9H0QeYyXbRdcvafxFklIuyYRY:aoJ3Xnvgi6ns25EfLJUS+9beY7vT/Y
TLSH T1959423873A34812FBC43E6D1611DF23F92A8F02ED545E69D206A3E70DA9C7F545CAE24
Reporter cocaman
Tags:AgentTesla zip


Avatar
cocaman
Malicious email (T1566.001)
From: "cnkisawa@163.com" (likely spoofed)
Received: "from 163.com (unknown [103.28.70.165]) "
Date: "12 Oct 2021 07:52:16 +0200"
Subject: "RE: NEW P.O. 22-061CT SO-21706385 ETD10/4"
Attachment: "BL-210915L0.zip"

Intelligence

File Origin
# of uploads :
1
# of downloads :
139
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Variant.Bulz.773636.6753.872.UNOFFICIAL
Create hunting rule

Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
obfuscated packed
Link:
https://www.filescan.io/uploads/61652375fd35fe780c39e7c8/reports/910d4bb9-b9b5-4582-8364-f371ec5c3f52/overview
Result
Verdict:
MALICIOUS
Link:
https://labs.inquest.net/dfi/sha256/34c3fb94605e71bc4fd8ef9af5ac2ebc42c055c7b7ac3a72053f59c2ccd400bd
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/34c3fb94605e71bc4fd8ef9af5ac2ebc42c055c7b7ac3a72053f59c2ccd400bd/
Threat name:
Win32.Trojan.Bulz
Create hunting rule
Status:
Malicious
First seen:
2021-10-12 05:35:08 UTC
AV detection:
5 of 34 (14.71%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=gtb7xfdalzy3yt6y56npllboxrbmavohw6wdu4qfh5m4ftguac6q._file
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla collection keylogger spyware stealer trojan
Link:
https://tria.ge/reports/211012-gm2nmabdgl/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
outlook_office_path
outlook_win_path
Suspicious use of SetThreadContext
Accesses Microsoft Outlook profiles
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Drops file in Drivers directory
AgentTesla Payload
AgentTesla
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/34c3fb94605e71bc4fd8ef9af5ac2ebc42c055c7b7ac3a72053f59c2ccd400bd

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 34c3fb94605e71bc4fd8ef9af5ac2ebc42c055c7b7ac3a72053f59c2ccd400bd

(this sample)

AgentTesla

Executable exe abd41bdb6e8d9af551ee9f633789fb055a184a53ff0522091f39eb33c5179e27

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 abd41bdb6e8d9af551ee9f633789fb055a184a53ff0522091f39eb33c5179e27

Comments