MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3fa788a8c80571c743fcb90513108f4f72ecc1f822f02eca91a0fe5e7b6c380f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla
Vendor detections: 5

SHA256 hash: 3fa788a8c80571c743fcb90513108f4f72ecc1f822f02eca91a0fe5e7b6c380f
SHA3-384 hash: 8b4d2aa710147097abf6ca66f18ed4bfd6a764a0a420b274824c9ef16055579928d81a3d134da7b2a11c8941fb9a035b
SHA1 hash: 43b6ec7aef6a68d01dea3dd00c1e7327e695b09f
MD5 hash: 682da0d0e30f7a6b63823a8f00d766d2
humanhash: seventeen-saturn-monkey-pluto
File name: copy.r15
Signature: AgentTesla
File size: 685'867 bytes
First seen: 2021-07-29 05:28:31 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 12288:2MHGVU2kkEGsPRchBR43/2s/tPRDCyEXLP9ufPbocMk//zfYvOEKZxU0:QgkEGvintP0yyiPbocMk3MGFPU0
TLSH: T186E423F46EDD00520D8DB968B20BEEB485F3AC6E52D81C2EB8B885EC1F64D16C7D6D05
Reporter: cocaman
Tags: AgentTesla r15 rar


cocaman
Malicious email (T1566.001)
From: "ivan.lewis@schindler.com" (likely spoofed)
Received: "from mx1.dreamhost.com (unknown [185.222.57.156]) "
Date: "29 Jul 2021 04:30:10 +0200"
Subject: "RE: Advance Payment"
Attachment: "copy.r15"

Intelligence

File Origin
# of uploads: 1
# of downloads: 97
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: UNKNOWN
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result
Threat name: Win32.Trojan.Pwsx
Status: Malicious
First seen: 2021-07-29 05:29:05 UTC
File Type: Binary (Archive)
Extracted files: 5
AV detection: 12 of 46 (26.09%)
Threat level: 5/5

Result
Malware family: agenttesla
Score: 10/10
Tags: family:agenttesla keylogger persistence spyware stealer trojan
Behaviour:
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Adds Run key to start application
Drops file in Drivers directory
AgentTesla Payload
CustAttr .NET packer
AgentTesla

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: AgentTesla, rar 3fa788a8c80571c743fcb90513108f4f72ecc1f822f02eca91a0fe5e7b6c380f (this sample)
Delivery method: Distributed via e-mail attachment
