MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4ca0e4fa7acf9765dac61610aad74416d08f53439a8f653147e3e936f0adb051. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla
Vendor detections: 8

SHA256 hash: 4ca0e4fa7acf9765dac61610aad74416d08f53439a8f653147e3e936f0adb051
SHA3-384 hash: 2eb01bd940387299ee06b03fa5d9252257481503c94138c41966d321352ff58d605e296af822bc6cc7106a6ec53dee4b
SHA1 hash: cb5097c9c4b6202bbe5b567bf6e914586260f20a
MD5 hash: bfd67488f9119ba5429dc8a0af814c78
humanhash: quebec-double-autumn-sink
File name: TT Copy 20231218.tar.001
Signature: AgentTesla
File size: 906'752 bytes
First seen: 2023-12-18 11:00:49 UTC
Last seen: 2023-12-18 14:13:52 UTC
File type: tar
MIME type: application/x-tar
ssdeep: 12288:WPR00WG/pREqtod3MH2m5IHQ6M2OH8BosFQkDwrPxOqkX8X4C5VEDy7MP7r9r/+l:s0SpVtgMV5YnM2BskgYC5VEDOM1q
TLSH: T16415DFC5E98565A5DD18ABB06A37CD3542233EBDA874A46C28DE3E273BFB3D31025017
TrID: 62.9% (.TAR/GTAR) TAR - Tape ARchive (GNU) (17/3)
      37.0% (.TAR) TAR - Tape ARchive (file) (10/3)
Reporter: cocaman
Tags: 001 AgentTesla tar


cocaman
Malicious email (T1566.001)
From: ""Ana Hoang" <ana@bandoglobal.vn>" (likely spoofed)
Received: "from bandoglobal.vn (unknown [45.137.22.230]) "
Date: "18 Dec 2023 10:21:32 +0100"
Subject: "RE: RE: NEWTIMES FABRIC PO TO JINLING (PO-72) #Y19-0266-3 (Q 13617) S66064"
Attachment: "TT Copy 20231218.tar.001"

Intelligence

File Origin
# of uploads: 2
# of downloads: 125
Origin country: CH
File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name: TT Copy 20231218.exe
File size: 905'216 bytes
SHA256 hash: 0390ab5a06e04c8c38776aeeea11fd0352230d049be1defb139e71e8906114ba
MD5 hash: 54679e8d61d8b6504a9d91e0bc618aa7
MIME type: application/x-dosexec
Signature: AgentTesla
Vendor Threat Intelligence

Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: packed

Result
Verdict: MALICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Threat name: Win32.Trojan.AgentTesla
Status: Malicious
First seen: 2023-12-17 15:33:45 UTC
File Type: Binary (Archive)
Extracted files: 42
AV detection: 22 of 37 (59.46%)
Threat level: 5/5

Result
Malware family: agenttesla
Score: 10/10
Tags: family:agenttesla keylogger spyware stealer trojan
Behaviour:
Creates scheduled task(s)
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Program crash
Suspicious use of SetThreadContext
Checks computer location settings

AgentTesla
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
AgentTesla
tar 4ca0e4fa7acf9765dac61610aad74416d08f53439a8f653147e3e936f0adb051 (this sample)
Delivery method: Distributed via e-mail attachment
Dropping: AgentTesla

Comments