MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 460c1a3e3ebb44c19e9f66dbf1c097fb2d357d82dc318350c0a56968a441d2aa. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ag


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 460c1a3e3ebb44c19e9f66dbf1c097fb2d357d82dc318350c0a56968a441d2aa
SHA3-384 hash: 34693c24e969e6f7d384abcd01eb2220a76b79d8d95443c584f1b8ab69c1c6ec7ded2fc191c58e6ed101dd6db82e64c3
SHA1 hash: a5e7416a13f21de65311f97dca568320813241dc
MD5 hash: a80a4ba88be1063baf9a06fe67d6bf29
humanhash: jupiter-triple-tango-wolfram
File name:order 20210407DTR001.pif.gz
Download: download sample
Signature ag
Create hunting rule
File size:781'388 bytes
First seen:2021-07-26 11:05:10 UTC
Last seen:Never
File type: gz
MIME type:application/gzip
ssdeep 12288:i/G8eNyTAHY8PkMTAuhE/sp7koYbAtFWdfotCDmHCsKqLa99XDNBHWnMy:YGSTyDkMTAGEYoAtFWOCDmiJu8pNBHwB
TLSH T17EF4235C089586C958FF460C73B44221EC29F24D7AE453E9C6E0E47C78D2966BE1B8BF
Reporter cocaman
Tags:ag gz


Avatar
cocaman
Malicious email (T1566.001)
From: ""Purchase" <info@taca.com.tr>" (likely spoofed)
Received: "from taca.com.tr (unknown [45.137.22.38]) "
Date: "26 Jul 2021 12:40:07 +0200"
Subject: "RE:Provide a P/I for the order 20210407DTR001"
Attachment: "order 20210407DTR001.pif.gz"

Intelligence

File Origin
# of uploads :
1
# of downloads :
108
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.W32.MSIL_Kryptik.DZG.6478.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Gathering data
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2021-07-26 11:06:03 UTC
File Type:
Binary (Archive)
Extracted files:
27
AV detection:
16 of 46 (34.78%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=iygbupr6xncmdhu7m3n7dqex7mwtk7mc3qyygugauvuwrjcb2kva._file
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla keylogger persistence spyware stealer trojan
Link:
https://tria.ge/reports/210726-7qd2ytedfn/
Behaviour
Creates scheduled task(s)
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Suspicious use of SetThreadContext
Adds Run key to start application
AgentTesla Payload
AgentTesla
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.51
Link:
https://yomi.yoroi.company/submissions/460c1a3e3ebb44c19e9f66dbf1c097fb2d357d82dc318350c0a56968a441d2aa

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

ag

gz 460c1a3e3ebb44c19e9f66dbf1c097fb2d357d82dc318350c0a56968a441d2aa

(this sample)

ag

Executable exe 13d90261f73ecaa7455ccdaf16de6d96b122e8829cbf0ffe84ab89fc2cf4cad2

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 13d90261f73ecaa7455ccdaf16de6d96b122e8829cbf0ffe84ab89fc2cf4cad2

Comments