MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3e662af14166453349e6d55b62e72a381074653c4ae2146b2859973da532f511. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 7


Intelligence 7 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3e662af14166453349e6d55b62e72a381074653c4ae2146b2859973da532f511
SHA3-384 hash: 2ab2b702d9a7dd6d236cdb58f81cf5a5da75ed97ad9fc201a0bdd834a6f749b4931e39b60cf470a6da46657bc612307b
SHA1 hash: 2355722cf49a6ed5225e4c2a3acaa7a7cb5dce9f
MD5 hash: afdb536d27ca2869377edc08042c6f73
humanhash: spring-queen-vegan-oscar
File name:Modis list.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:702'640 bytes
First seen:2023-06-20 06:47:07 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:xBRSNXQxlHafkNeobPvq9eaksk9QCeria2WfCj+ixHX9/3vpcy4kwrLCjiyuL+A2:xBRSNXIHaMNPbvsk9QC+fQ+Ytn2/kwvE
TLSH T1C2E423D0F54DE5B665FB0EF3A47A499C3BB50CCE19BF619C4F21BA916A03C098092369
TrID 80.0% (.ZIP) ZIP compressed archive (4000/1)
20.0% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter cocaman
Tags:AgentTesla Shipping zip


Avatar
cocaman
Malicious email (T1566.001)
From: "<operation@sonmezshipping.com>" (likely spoofed)
Received: "from hosted-by.rootlayer.net (unknown [45.137.22.178]) "
Date: "19 Jun 2023 14:38:31 +0200"
Subject: "RE: RE: FW: 2023/05/19 order shipment "
Attachment: "Modis list.zip"

Intelligence

File Origin
# of uploads :
1
# of downloads :
107
Origin country :
CH CH
File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name:Modis list.exe
File size:803'840 bytes
SHA256 hash: 97289b7b81716c422ed44dc42d80db0ba56989bff3a879d31a28b935686475bf
MD5 hash: 99a77bd8f75fd2652edaa880ca1bae26
MIME type:application/x-dosexec
Signature AgentTesla
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Foxhole.Zip_fs1999.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.Trojan.Inject4.58411.14147.17084.UNOFFICIAL
Create hunting rule

Sanesecurity.Rogue.0hr.20230619-0934.UNOFFICIAL
Create hunting rule

Result
Verdict:
Unknown
File Type:
PE File
Link:
https://app.docguard.net/3e662af14166453349e6d55b62e72a381074653c4ae2146b2859973da532f511/results/dashboard
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
comodo formbook packed remcos
Link:
https://www.filescan.io/uploads/64914ba40d4f96f7b605dafc/reports/7f474f75-180a-4fbb-9dd1-01ce9afb3403/overview
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/3e662af14166453349e6d55b62e72a381074653c4ae2146b2859973da532f511
Result
Verdict:
MALICIOUS
Link:
https://labs.inquest.net/dfi/sha256/3e662af14166453349e6d55b62e72a381074653c4ae2146b2859973da532f511
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/3e662af14166453349e6d55b62e72a381074653c4ae2146b2859973da532f511/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2023-06-19 08:24:12 UTC
File Type:
Binary (Archive)
Extracted files:
11
AV detection:
14 of 24 (58.33%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=hztcv4kbmzctgspg2vnwfzzkhaihizj4jlrbi2zilglt3jjs6uiq._file
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla collection keylogger spyware stealer trojan
Link:
https://tria.ge/reports/230620-hm3flaaf25/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
outlook_office_path
outlook_win_path
Suspicious use of SetThreadContext
Accesses Microsoft Outlook profiles
AgentTesla
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/3e662af14166453349e6d55b62e72a381074653c4ae2146b2859973da532f511

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:pe_imphash
Create hunting rule
Rule name:Skystars_Malware_Imphash
Create hunting rule
Author:Skystars LightDefender
Description:imphash

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 3e662af14166453349e6d55b62e72a381074653c4ae2146b2859973da532f511

(this sample)

AgentTesla

Executable exe 97289b7b81716c422ed44dc42d80db0ba56989bff3a879d31a28b935686475bf

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 97289b7b81716c422ed44dc42d80db0ba56989bff3a879d31a28b935686475bf
  
Dropping
AgentTesla

Comments