MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3ab01a88c4c00fe682f2aad2b9ff94d4e75ff64b0b8ed1a9acd1d0e3355a67c4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3ab01a88c4c00fe682f2aad2b9ff94d4e75ff64b0b8ed1a9acd1d0e3355a67c4
SHA3-384 hash: 39cdffce95b203025e99ebea3703f94b2bb8e6389e7fdd858ad37164677ecb7ef90ee603fdada2da66a7210b720c9cef
SHA1 hash: 351de24dbce36541f3c8bda15406c79f907d183a
MD5 hash: ee1a02f41b9d469da42fb77ffa89bd63
humanhash: william-autumn-wisconsin-mango
File name:Swift Copy.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:679'922 bytes
First seen:2021-06-23 12:00:34 UTC
Last seen:2021-06-23 12:05:17 UTC
File type: zip
MIME type:application/zip
ssdeep 12288:4tf2amEatZXoxFXdbZgmKcD/yfdyxZKAPOdqufRP8ySZJmTa:492nE6ZXo7NLgdyxI7AuHSZYW
TLSH F1E42389D6E0986FF5E32B5F1B1D0A7614EBB6B56F581738B0172060268B8CF1239E1C
Reporter cocaman
Tags:AgentTesla SWIFT zip


Avatar
cocaman
Malicious email (T1566.001)
From: "suresh.behra@panchmahalunion.coop" (likely spoofed)
Received: "from panchmahalunion.coop (unknown [45.137.22.110]) "
Date: "23 Jun 2021 09:48:24 +0200"
Subject: "RE: Balanced Payment"
Attachment: "Swift Copy.zip"

Intelligence

File Origin
# of uploads :
3
# of downloads :
141
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Foxhole.Zip_fn112.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.MSIL.Kryptik.VFR-1.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.20816.ZipHeur.UNOFFICIAL
Create hunting rule

Result
Verdict:
UNKNOWN
Link:
https://labs.inquest.net/dfi/sha256/3ab01a88c4c00fe682f2aad2b9ff94d4e75ff64b0b8ed1a9acd1d0e3355a67c4
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/3ab01a88c4c00fe682f2aad2b9ff94d4e75ff64b0b8ed1a9acd1d0e3355a67c4/
Threat name:
Win32.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2021-06-23 10:56:32 UTC
File Type:
Binary (Archive)
Extracted files:
7
AV detection:
11 of 45 (24.44%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=hkybvcgeyah6naxsvljlt74u2ttv75slbohndknm2hiognk2m7ca._file
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla keylogger persistence spyware stealer trojan
Link:
https://tria.ge/reports/210623-9evwbdhhxs/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Adds Run key to start application
Drops file in Drivers directory
AgentTesla Payload
AgentTesla
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/3ab01a88c4c00fe682f2aad2b9ff94d4e75ff64b0b8ed1a9acd1d0e3355a67c4

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 3ab01a88c4c00fe682f2aad2b9ff94d4e75ff64b0b8ed1a9acd1d0e3355a67c4

(this sample)

AgentTesla

Executable exe dcc9eeebc5a6c66f0b4695773211a00b58143d94970e2dac265d0499a55dea43

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 dcc9eeebc5a6c66f0b4695773211a00b58143d94970e2dac265d0499a55dea43

Comments