MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4c1a6a14ee8633cd3040e7faa98d48631edde10f6d6e0db5d1d11594922506ec. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 6

SHA256 hash: 4c1a6a14ee8633cd3040e7faa98d48631edde10f6d6e0db5d1d11594922506ec
SHA3-384 hash: a43a3d46fef3e5515b4de5176c347512be5e1ad9b6aca455b182ad53024c7bc9d017b67c40609b3d91100c28f887b5a2
SHA1 hash: 0cbd9796c8a550cb970f5e5baa440a786f8d7edd
MD5 hash: 6d959cd2a4838735cd5487cb9fa39e19
humanhash: sad-illinois-music-tennis
File name: Invoice-BELIMPEX-210705 (49.611MT Core Board).BZ2
Signature: AgentTesla
File size: 381'166 bytes
First seen: 2021-10-08 06:40:08 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 6144:70sMehSqtz7p0hVXdUsR3sCFlyGXrAkL2Gw2FTrHqZKtOjODLZWWbvMuSxNH4Kp6:NMeTcXis3s/GXz2GnrHdOqD9HUrpJWPd
TLSH: T1E58423C44C191A8F6661D0CFA53065AD6C894F1B0FB69C63A8E7F2B2518271CF2B4DF9
Reporter: cocaman
Tags: AgentTesla bz2 INVOICE rar


cocaman
Malicious email (T1566.001)
From: ""John Matta" <jmatta@fadelgroup.com>" (likely spoofed)
Received: "from fadelgroup.com (unknown [185.222.57.88]) "
Date: "07 Oct 2021 15:44:29 +0200"
Subject: "RE: BELIMPEX PFI-210705 MF20210114504 (50MT Core Board)"
Attachment: "Invoice-BELIMPEX-210705 (49.611MT Core Board).BZ2"

Intelligence

File Origin
# of uploads: 1
# of downloads: 219
Origin country: n/a

Vendor Threat Intelligence

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: obfuscated packed

Threat name: Win32.Spyware.Noon
Status: Malicious
First seen: 2021-10-07 08:18:04 UTC
AV detection: 13 of 28 (46.43%)
Threat level: 2/5

Result
Malware family: agenttesla
Score: 10/10
Tags: family:agenttesla collection keylogger persistence spyware stealer trojan
Behaviour:
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
outlook_office_path
outlook_win_path
Suspicious use of SetThreadContext
Accesses Microsoft Outlook profiles
Adds Run key to start application
Drops file in Drivers directory
AgentTesla Payload
AgentTesla

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
AgentTesla
rar 4c1a6a14ee8633cd3040e7faa98d48631edde10f6d6e0db5d1d11594922506ec (this sample)

Delivery method: Distributed via e-mail attachment

Comments