MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5acc833d0d95ecd4ef4533990df1c7b6b9edcd9c7e42e920eb6a5d7e1ea09858. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5acc833d0d95ecd4ef4533990df1c7b6b9edcd9c7e42e920eb6a5d7e1ea09858
SHA3-384 hash: a260c8591cbc6a4b6575fd0b2b14c30c3ca66014c5c9fceb60198565ab5b56c99eec8ba4a43f89d78e5c2912ef872ec0
SHA1 hash: 4c203d23ffd3c17fe68aa29e6060d7e8679a8f9b
MD5 hash: dde74c34ba189cc87aec0b0db5354eb2
humanhash: mexico-mississippi-virginia-tennis
File name:CV_DOCX.001
Download: download sample
Signature AgentTesla
Create hunting rule
File size:286'124 bytes
First seen:2021-06-09 16:06:43 UTC
Last seen:2021-06-09 16:08:51 UTC
File type: rar
MIME type:application/x-rar
ssdeep 6144:zdAAUtmjMVk72IzsbaMCjlGSyNkZGLOn/gqiSZIfG8RaCOWJp6RkZ:zO+E42QMIqgxF5IfZJME
TLSH DE542395E8A08A3C894D11AD4B4AD23E4893CF7D283DD1D8EE1DFB5CB68E492F443467
Reporter cocaman
Tags:001 AgentTesla rar


Avatar
cocaman
Malicious email (T1566.001)
From: ""Rose" <personale@asmed.net>" (likely spoofed)
Received: "from asmed.net (unknown [103.232.53.200]) "
Date: "9 Jun 2021 06:09:38 -0700"
Subject: "Position Applied for: Accounts Officer"
Attachment: "CV_DOCX.001"

Intelligence

File Origin
# of uploads :
2
# of downloads :
303
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/5acc833d0d95ecd4ef4533990df1c7b6b9edcd9c7e42e920eb6a5d7e1ea09858/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2021-06-08 22:30:40 UTC
File Type:
Binary (Archive)
Extracted files:
2
AV detection:
15 of 47 (31.91%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=llgigpinsxwnj32fgomq34ohw2463tm4pzbosihlnjox4hvatbma._file
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla keylogger spyware stealer trojan
Link:
https://tria.ge/reports/210609-t418gjnmg2/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
AgentTesla Payload
AgentTesla
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.49
Link:
https://yomi.yoroi.company/submissions/5acc833d0d95ecd4ef4533990df1c7b6b9edcd9c7e42e920eb6a5d7e1ea09858

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar 5acc833d0d95ecd4ef4533990df1c7b6b9edcd9c7e42e920eb6a5d7e1ea09858

(this sample)

AgentTesla

Executable exe f408ea148b23449b7fc7db69c2f6585d441043cd1b4a60957af3bc9b188b8480

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 f408ea148b23449b7fc7db69c2f6585d441043cd1b4a60957af3bc9b188b8480
  
Dropping
AgentTesla

Comments