MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 59fa8b1dc2eaa92c8d4c6614551bb430108bcbaed5ee6aa45becf2ae29d5b6bd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 59fa8b1dc2eaa92c8d4c6614551bb430108bcbaed5ee6aa45becf2ae29d5b6bd
SHA3-384 hash: ce7f60f9823d61b45c50511024c501931acf266cfbfe79c5c9706bbd4a524494c4b9897f6744465cd915737d0551f84f
SHA1 hash: 49ed9c81b1909448a6c70bfe94dab9c497ec4f11
MD5 hash: ae76c24a7902343e202d8888a3e2cc8a
humanhash: neptune-lima-asparagus-burger
File name:payment.rar
Download: download sample
Signature AgentTesla
Create hunting rule
File size:694'171 bytes
First seen:2023-12-15 10:21:39 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:Iq3RAPPg9Afw0c31ckXskyWdRGSaHADgWHFJJAI+eE5UbeHRnjwzWmcfoATqiIuI:IqRAPP1pi1AWdRGSaHAsqzZ+36ex0zWK
TLSH T131E4236FEAC0B0B765522164182BD9483BBD8DEB40D708F98CD7C27961744BC66F2E63
TrID 61.5% (.RAR) RAR compressed archive (v5.0) (8000/1)
38.4% (.RAR) RAR compressed archive (gen) (5000/1)
Reporter cocaman
Tags:AgentTesla payment rar


Avatar
cocaman
Malicious email (T1566.001)
From: ""jose.ramirez"<jose.ramirez@expeditors.com>" (likely spoofed)
Received: "from expeditors.com (unknown [91.92.243.208]) "
Date: "14 Dec 2023 08:53:53 -0800"
Subject: "payment slip"
Attachment: "payment.rar"

Intelligence

File Origin
# of uploads :
1
# of downloads :
89
Origin country :
CH CH
File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name:payment.exe
File size:900'096 bytes
SHA256 hash: 76b324f75db6095cf36f6cc55b3b7b9070a8f9ace436920cef5c792dbebebb15
MD5 hash: e19269d01c54d1f5a24e1c54d6b18768
MIME type:application/x-dosexec
Signature AgentTesla
Vendor Threat Intelligence
Result
Verdict:
Unknown
File Type:
PE File
Link:
https://app.docguard.net/59fa8b1dc2eaa92c8d4c6614551bb430108bcbaed5ee6aa45becf2ae29d5b6bd/results/dashboard
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
infostealer masquerade packed
Link:
https://www.filescan.io/uploads/657c28caffafd83ebc909753/reports/991067cc-0614-4c4d-954f-9487d7a0a945/overview
Verdict:
Malicious
Labled as:
Trojan.Generic
Link:
https://www.hybrid-analysis.com/sample/59fa8b1dc2eaa92c8d4c6614551bb430108bcbaed5ee6aa45becf2ae29d5b6bd
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/59fa8b1dc2eaa92c8d4c6614551bb430108bcbaed5ee6aa45becf2ae29d5b6bd/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2023-12-15 10:21:42 UTC
File Type:
Binary (Archive)
Extracted files:
19
AV detection:
17 of 23 (73.91%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=lh5iwhoc5kuszdkmmykfkg5ugaiixs5o2xxgvjc35tzk4kovw26q._file
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla keylogger persistence spyware stealer trojan
Link:
https://tria.ge/reports/231215-snfnbsdfdj/
Behaviour
Creates scheduled task(s)
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Program crash
Suspicious use of SetThreadContext
Adds Run key to start application
Checks computer location settings
AgentTesla
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/59fa8b1dc2eaa92c8d4c6614551bb430108bcbaed5ee6aa45becf2ae29d5b6bd

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 59fa8b1dc2eaa92c8d4c6614551bb430108bcbaed5ee6aa45becf2ae29d5b6bd

(this sample)

AgentTesla

Executable exe 76b324f75db6095cf36f6cc55b3b7b9070a8f9ace436920cef5c792dbebebb15

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 76b324f75db6095cf36f6cc55b3b7b9070a8f9ace436920cef5c792dbebebb15
  
Dropping
AgentTesla

Comments