MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 389f593eff1b5bc4c552f9765ac8b5070f910428b430a4fc16ca6f8379128a52. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 389f593eff1b5bc4c552f9765ac8b5070f910428b430a4fc16ca6f8379128a52
SHA3-384 hash: 0f106c5daaf08422489bcbb7e1f2bd2123fbe332f4851213e7b44a9389bcd84d6d9d7ce1e2d77af7605c9629102d92d6
SHA1 hash: d771cfd2f9f150133b4e87a3d9525aa37188ced2
MD5 hash: 4778f98cba5479ab74aff1123c05c032
humanhash: robin-east-jupiter-march
File name:NEW ORDER INQUIRY_B90202821.pdf.gz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:537'676 bytes
First seen:2021-05-12 05:48:44 UTC
Last seen:2021-05-12 06:01:41 UTC
File type: gz
MIME type:application/x-rar
ssdeep 12288:7KEeUtvM47vX/EhwL1L4tjHw3T00aE6b2akm6F3cHd6u13C:hM47vXchwxL4tTw3jaE1a1Hd6j
TLSH 65B4239BA15EE2BD08DBA86990419B913CB48B18A1F2D2DF46480C7D4747DEB3EC353D
Reporter cocaman
Tags:gz


Avatar
cocaman
Malicious email (T1566.001)
From: "Jason Fry <sales@serra.de>" (likely spoofed)
Received: "from serra.de (unknown [103.133.105.111]) "
Date: "11 May 2021 13:47:58 -0700"
Subject: "NEW ORDER INQUIRY_B90202821"
Attachment: "NEW ORDER INQUIRY_B90202821.pdf.gz"

Intelligence

File Origin
# of uploads :
11
# of downloads :
92
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/389f593eff1b5bc4c552f9765ac8b5070f910428b430a4fc16ca6f8379128a52/
Threat name:
Win32.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2021-05-11 13:56:18 UTC
File Type:
Binary (Archive)
Extracted files:
5
AV detection:
12 of 47 (25.53%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=hcpvspx7dnn4jrks7f3fvsfva4hzcbbiwqykj7awzjxyg6isrjja._file
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla keylogger spyware stealer trojan
Link:
https://tria.ge/reports/210512-7f97hwfkz2/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
AgentTesla Payload
AgentTesla
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
AgentTesla
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/389f593eff1b5bc4c552f9765ac8b5070f910428b430a4fc16ca6f8379128a52

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz 389f593eff1b5bc4c552f9765ac8b5070f910428b430a4fc16ca6f8379128a52

(this sample)

AgentTesla

Executable exe 2b753f49b613e63e1147071b6935bf5a010f95f42145099e38a2eba447e6e625

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 2b753f49b613e63e1147071b6935bf5a010f95f42145099e38a2eba447e6e625

Comments