MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 371855b80ef1a4d99ea78f2804e06f2c9ba390e23dc03aa7db1fa644ee16108f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 371855b80ef1a4d99ea78f2804e06f2c9ba390e23dc03aa7db1fa644ee16108f
SHA3-384 hash: 14505b36409fdfc066b03a5209567ccaca4e45e23340b90b85d185a9df91a75da7c3f65c7741ee8f468de65dbf83b503
SHA1 hash: bcc55f9fea68f7eda0c59e8ce62dd72e7d7300d2
MD5 hash: 8f09c2a64edb392d6791d2ad5e504128
humanhash: equal-echo-colorado-failed
File name:CCSX09B00730_drw-pdf.gz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:535'474 bytes
First seen:2021-06-09 05:43:54 UTC
Last seen:2021-06-09 05:45:42 UTC
File type: gz
MIME type:application/x-rar
ssdeep 12288:YIRSAuj8SATs352FweAx3FbgUMvydKNpxZwtjZayYwOfe6A9:YIR9SYspbD3FbgHMwyROfej9
TLSH FAB423751831AB3D22D360A4B11F3A7074AB84B13B0FC90EAC38F52D45D9AA52D974FB
Reporter cocaman
Tags:AgentTesla gz


Avatar
cocaman
Malicious email (T1566.001)
From: "Piyush Tilara <sales@pacmachinery.com>" (likely spoofed)
Received: "from pacmachinery.com (unknown [103.232.53.200]) "
Date: "8 Jun 2021 12:35:07 -0700"
Subject: "Perfect-RFQ!!"
Attachment: "CCSX09B00730_drw-pdf.gz"

Intelligence

File Origin
# of uploads :
2
# of downloads :
181
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/371855b80ef1a4d99ea78f2804e06f2c9ba390e23dc03aa7db1fa644ee16108f/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2021-06-09 04:10:41 UTC
File Type:
Binary (Archive)
Extracted files:
10
AV detection:
15 of 46 (32.61%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=g4mfloao6gsnthvhr4uajydpfsn2hehchxadvj63d6tej3qwcchq._file
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla keylogger persistence spyware stealer trojan
Link:
https://tria.ge/reports/210609-428m1cn9mx/
Behaviour
Modifies registry class
Suspicious behavior: AddClipboardFormatListener
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/371855b80ef1a4d99ea78f2804e06f2c9ba390e23dc03aa7db1fa644ee16108f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz 371855b80ef1a4d99ea78f2804e06f2c9ba390e23dc03aa7db1fa644ee16108f

(this sample)

AgentTesla

Executable exe bf34fa3c5af0d5c9016ed0875a716a7dee35b6bac88ff33cf9bb6dbf67c0af91

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 bf34fa3c5af0d5c9016ed0875a716a7dee35b6bac88ff33cf9bb6dbf67c0af91
  
Dropping
AgentTesla
  
Dropping
SHA256 5cf6e78b628641dae59b9982c33e6dff174d23125b15ee53073e52f186ac6d6f

Comments