MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 55abc1a7cccd31354b1dd385c0df99dd2b701a4bf6210ddbf3305d06f3d3a60c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 55abc1a7cccd31354b1dd385c0df99dd2b701a4bf6210ddbf3305d06f3d3a60c
SHA3-384 hash: 8a73436e3fcdabedf5a3c74aced2084f916ed4e57a32b9a2c5bb33f8fba8cc18c40eb8ba3d22752871dc25c86f3dcdd7
SHA1 hash: 8bbb3a02df2f9919485e2bcae84517a79afc98fb
MD5 hash: 60f6ef0c21237ee5f61c4eee0287d8cf
humanhash: nitrogen-hawaii-asparagus-batman
File name:DHL Delivery Documentation.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:519'917 bytes
First seen:2022-04-14 05:44:45 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:YiclpYysYpQRZBVQvMb2Ayf3+hJtocxOTlR0eyUF3YS5yk:TYoZBVQvhAMuhrorieyUVP3
TLSH T16FB423BF4A77512BCAE246B6E1076BC6B7C116C3E6001AC917640ADCED0CF61ABD71A1
Reporter cocaman
Tags:AgentTesla DHL zip


Avatar
cocaman
Malicious email (T1566.001)
From: ""DHL Express" <check@nechckout.net>" (likely spoofed)
Received: "from box.nechckout.net (box.nechckout.net [143.244.164.10]) "
Date: "12 Apr 2022 11:00:26 -0700"
Subject: "Informed delayed delivery"
Attachment: "DHL Delivery Documentation.zip"

Intelligence

File Origin
# of uploads :
1
# of downloads :
199
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.39484655.26723.31707.UNOFFICIAL
Create hunting rule

Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/55abc1a7cccd31354b1dd385c0df99dd2b701a4bf6210ddbf3305d06f3d3a60c/
Threat name:
ByteCode-MSIL.Trojan.FormBook
Create hunting rule
Status:
Malicious
First seen:
2022-04-13 03:43:38 UTC
File Type:
Binary (Archive)
Extracted files:
17
AV detection:
19 of 41 (46.34%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=kwv4dj6mzuytksy52oc4bx4z3uvxagsl6yqq3w7tgboqn46tuyga._file
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla collection keylogger spyware stealer trojan
Link:
https://tria.ge/reports/220414-gfqmsaggd5/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
outlook_office_path
outlook_win_path
Suspicious use of SetThreadContext
Accesses Microsoft Outlook profiles
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
AgentTesla
Malware Config
C2 Extraction:
https://api.telegram.org/bot5279095555:AAE4HwAzPbUle9whPqEu6faWeNRU-6BRHps/sendDocument
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/55abc1a7cccd31354b1dd385c0df99dd2b701a4bf6210ddbf3305d06f3d3a60c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 55abc1a7cccd31354b1dd385c0df99dd2b701a4bf6210ddbf3305d06f3d3a60c

(this sample)

20fcfc6ddac561cc8a1d7d6446249713fe8b48534386a9c503c7b28438f212eb

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 20fcfc6ddac561cc8a1d7d6446249713fe8b48534386a9c503c7b28438f212eb

Comments