MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 58bc6b10c47e8c17fa5037f5c4592711961d90e5225bc94a286ba6a02d617af3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 58bc6b10c47e8c17fa5037f5c4592711961d90e5225bc94a286ba6a02d617af3
SHA3-384 hash: d69d9cf5e75b62817ae5fc12d27b2114b4f1a119f4c3406693a5ebcf207328840a93f3df1cfadbe496f03a27fe2968a2
SHA1 hash: 8600621b3c7eba428361f4d17298b99b530e0a17
MD5 hash: ff71ae6c972592026c0edf176627eb83
humanhash: sad-seventeen-alpha-magnesium
File name:memorandum.Tar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:577'747 bytes
First seen:2021-06-21 06:01:50 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:RWQZii7Mpe8ccTKJjgvMlwkqu5ShhjP0/A9rED/LKtLvjpYuCl:RWKiiIpbNMlT5S/jM/ANED/2tLtW
TLSH 5EC42342CB5C43329D9F99B0D8807E652D2A5CCFBF455BB04C92008F9B6E2AD6570BE9
Reporter cocaman
Tags:AgentTesla rar tar


Avatar
cocaman
Malicious email (T1566.001)
From: "sales <info@deleum.com>" (likely spoofed)
Received: "from deleum.com (unknown [77.247.110.207]) "
Date: "21 Jun 2021 04:42:19 +0200"
Subject: "DPSB-REQUEST FOR STATEMENT OF ACCOUNT AS AT 31st MAY 2021"
Attachment: "memorandum.Tar"

Intelligence

File Origin
# of uploads :
1
# of downloads :
140
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Heur.27604.16118.UNOFFICIAL
Create hunting rule

Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/58bc6b10c47e8c17fa5037f5c4592711961d90e5225bc94a286ba6a02d617af3/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2021-06-21 01:52:39 UTC
File Type:
Binary (Archive)
Extracted files:
22
AV detection:
6 of 46 (13.04%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=lc6gwegep2gbp6sqg724iwjhcglb3ehfejn4ssrinotkallbplzq._file
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla keylogger spyware stealer trojan
Link:
https://tria.ge/reports/210621-2nsjq9ev36/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Drops file in Drivers directory
AgentTesla Payload
AgentTesla
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/58bc6b10c47e8c17fa5037f5c4592711961d90e5225bc94a286ba6a02d617af3

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 58bc6b10c47e8c17fa5037f5c4592711961d90e5225bc94a286ba6a02d617af3

(this sample)

AgentTesla

Executable exe 16687d1c2945be78cbcabfb542520fc4f0a153b820aed024d8dd0032be6a7b0f

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 16687d1c2945be78cbcabfb542520fc4f0a153b820aed024d8dd0032be6a7b0f

Comments