MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4896ac52f78034e703736e9cfe3d2cc1b4088e821c2dd4ff55c531c141415af2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4896ac52f78034e703736e9cfe3d2cc1b4088e821c2dd4ff55c531c141415af2
SHA3-384 hash: 651219ddaf86ac8f7239cc92ebd5c6e76b8dc35e9b3ae9d93cbec7b560dec9a61141eac91fc8ccc4c869e92dd4f297ae
SHA1 hash: da3c2e182fc5f964688eaf938b24439517eb5971
MD5 hash: 86a531bfa7963c79478e937ee52e2b94
humanhash: mars-paris-oxygen-six
File name:Statement Of Account.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:564'265 bytes
First seen:2021-07-06 05:20:39 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:tNq93wEWJAdLqdrEQ2Kck75bZAXWZZEy40UNk88sp:tNq9357Q55ZeDm88sp
TLSH 7DC4331E334C97EBB591FCD2FAED74593110128B5FF4212368A898346B3AF64E601F19
Reporter cocaman
Tags:AgentTesla zip


Avatar
cocaman
Malicious email (T1566.001)
From: "=?UTF-8?B?VGlmZmFueSBGZW5n6aau6JCN6JCN?=<tiffany.feng@lotes.com.cn>" (likely spoofed)
Received: "from lotes.com.cn (unknown [185.222.57.72]) "
Date: "05 Jul 2021 18:09:11 +0200"
Subject: "RE: Statement Of Account"
Attachment: "Statement Of Account.zip"

Intelligence

File Origin
# of uploads :
1
# of downloads :
146
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Inject4.13608.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.24891.ZipHeur.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Link:
https://labs.inquest.net/dfi/sha256/4896ac52f78034e703736e9cfe3d2cc1b4088e821c2dd4ff55c531c141415af2
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/4896ac52f78034e703736e9cfe3d2cc1b4088e821c2dd4ff55c531c141415af2/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2021-07-05 22:11:41 UTC
File Type:
Binary (Archive)
Extracted files:
10
AV detection:
19 of 46 (41.30%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=jclkyuxxqa2ooa3tn2op4pjmyg2arducdqw5j72vyuy4cqkbllza._file
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla keylogger spyware stealer trojan
Link:
https://tria.ge/reports/210706-dej238hsta/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
AgentTesla Payload
AgentTesla
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
0.80
Link:
https://yomi.yoroi.company/submissions/4896ac52f78034e703736e9cfe3d2cc1b4088e821c2dd4ff55c531c141415af2

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 4896ac52f78034e703736e9cfe3d2cc1b4088e821c2dd4ff55c531c141415af2

(this sample)

AgentTesla

Executable exe c8aa28f1143bf3cfbaa0a067109896538cbbfb5eac08f922bf287d12c7f2948a

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 c8aa28f1143bf3cfbaa0a067109896538cbbfb5eac08f922bf287d12c7f2948a

Comments