MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5e560babfb99237fc5129a254a3f0770927c99f641dd105fabf6d2c491b49fe5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5e560babfb99237fc5129a254a3f0770927c99f641dd105fabf6d2c491b49fe5
SHA3-384 hash: 897ca84e4ff637037199c84c0000646649feab8f0638bccb24a8c608a3a64ed9e670ad0521dc6af9e308fcc0ba90bb99
SHA1 hash: 42162b154f80d4a7c6d1f0b4a601faaf70e98987
MD5 hash: b57c52d46b58153eca590f0a4c107aa0
humanhash: music-jig-gee-berlin
File name:PO#A91641,A91642.7z
Download: download sample
Signature AgentTesla
Create hunting rule
File size:464'378 bytes
First seen:2021-10-06 05:52:47 UTC
Last seen:2021-10-06 06:12:37 UTC
File type: 7z
MIME type:application/x-rar
ssdeep 6144:saf3ZSPh9se8GZlINiUfD4uB2K2fLhqh1b1WLxGkWUb3EPgqIAlgF0Ae6SwSpSuL:sOwJRIoUsUVz1CMofiI0h6cSs
TLSH T169A42371D8D59EE68B2056B8C37F1CE5E10B38538F92D7C692809E0744A9FF0A578DB2
Reporter cocaman
Tags:7z AgentTesla


Avatar
cocaman
Malicious email (T1566.001)
From: "=?UTF-8?B?UmFkZWsgxIxlcnZpbmth?= <radek.cervinka@m-technology.cz>" (likely spoofed)
Received: "from m-technology.cz (unknown [185.222.58.155]) "
Date: "5 Oct 2021 01:06:46 +0200"
Subject: "10+2 for PO#a91641,a91642"
Attachment: "PO#A91641,A91642.7z"

Intelligence

File Origin
# of uploads :
2
# of downloads :
145
Origin country :
n/a
Vendor Threat Intelligence
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
obfuscated packed
Link:
https://www.filescan.io/uploads/615d39c698a6280f3932bb80/reports/2abcf666-5e2c-4d45-a4c0-79e2ca366edf/overview
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/5e560babfb99237fc5129a254a3f0770927c99f641dd105fabf6d2c491b49fe5/
Threat name:
ByteCode-MSIL.Dropper.Reversembly
Create hunting rule
Status:
Malicious
First seen:
2021-10-05 00:27:22 UTC
AV detection:
9 of 44 (20.45%)
Threat level:
  3/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=lzlaxk73terx7ristisuupyhocjhzgpwihorax5l63jmjenut7sq._file
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla keylogger spyware stealer trojan
Link:
https://tria.ge/reports/211006-glcywaaeh2/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Reads user/profile data of local email clients
Reads user/profile data of web browsers
AgentTesla Payload
AgentTesla
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/5e560babfb99237fc5129a254a3f0770927c99f641dd105fabf6d2c491b49fe5

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

7z 5e560babfb99237fc5129a254a3f0770927c99f641dd105fabf6d2c491b49fe5

(this sample)

AgentTesla

Executable exe 615c4ca029ef6a8539a039a4a57fb5f19018f1a9d5f28c3cd3523ba0a37cacff

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 615c4ca029ef6a8539a039a4a57fb5f19018f1a9d5f28c3cd3523ba0a37cacff
  
Dropping
AgentTesla

Comments