MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 46dd53f3096877a4cad89b77f2d23018d8bc5887a9c0d699cb43ffe9d0b5e29d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 7


Intelligence 7 IOCs YARA 2 File information Comments

SHA256 hash: 46dd53f3096877a4cad89b77f2d23018d8bc5887a9c0d699cb43ffe9d0b5e29d
SHA3-384 hash: 588e16a0f9944811b9b8a11cc12f008fcd6c723418e8284a5e9b42f000667c6076f72770f6c68fe738792c03cf0b4880
SHA1 hash: c13081e8eba34ca1619f7e8a11e2e8677878d292
MD5 hash: 42a82a614937b74596344fa2a1a7c737
humanhash: michigan-winner-nitrogen-mars
File name:documentos Fedex.js
Download: download sample
Signature AgentTesla
File size:1'917 bytes
First seen:2022-01-03 14:30:00 UTC
Last seen:Never
File type:Java Script (JS) js
MIME type:text/plain
ssdeep 48:cyRLOMERAoTG1wZInJvt8vMMekRItjmfmwUeSJm:nYTG1wZQt8EMvEyfmwUeem
TLSH T1DF41BBDE2FC061A0335A57F6B82AE08CF465ACA734EDC87B5206E195780161D8CB6E33
Reporter @abuse_ch
Tags:AgentTesla FedEx js


Twitter
@abuse_ch
Payload URL:
http://mudanzasdistintas.com.ar/vvt/td.exe

Intelligence


File Origin
# of uploads :
1
# of downloads :
353
Origin country :
US US
Mail intelligence
No data
Vendor Threat Intelligence
Verdict:
Malicious
Threat level:
  10/10
Confidence:
50%
Tags:
evasive
Result
Verdict:
MALICIOUS
Threat name:
Script-JS.Downloader.Heuristic
Status:
Malicious
First seen:
2022-01-03 14:30:10 UTC
File Type:
Text (JavaScript)
AV detection:
8 of 43 (18.60%)
Threat level:
  2/5
Result
Malware family:
agenttesla
Score:
  10/10
Tags:
family:agenttesla collection keylogger spyware stealer suricata trojan
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
outlook_office_path
outlook_win_path
NSIS installer
Enumerates physical storage devices
Suspicious use of SetThreadContext
Accesses Microsoft Outlook profiles
Loads dropped DLL
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Blocklisted process makes network request
Downloads MZ/PE file
Executes dropped EXE
AgentTesla Payload
AgentTesla
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

YARA Signatures


MalareBazaar uses YARA rules from several public and non-public repositories, such as Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious proccess dumps they may create. Please note that only results from TLP:WHITE rules are being displayeyd.

Rule name:MALWARE_Win_RedLine
Author:ditekSHen
Description:Detects RedLine infostealer
Rule name:SUSP_obfuscated_JS_obfuscatorio
Author:@imp0rtp3
Description:Detect JS obfuscation done by the js obfuscator (often malicious)
Reference:https://obfuscator.io

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments