MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5f15a3b22ade7014d32d883cad61f88d775903b47f439cf8c2e42f8aa389de98. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5f15a3b22ade7014d32d883cad61f88d775903b47f439cf8c2e42f8aa389de98
SHA3-384 hash: 2510789594f136ac80d248fd80ab375d647a89f3273befe3b9578199d6ea6767559c88e831e6c66dd11e3fbb3bab24e8
SHA1 hash: b317b18b3f3c2a0c3a3a3c88f59f5c553d27e1ad
MD5 hash: c06717885349e9f9ce760c9c870fe520
humanhash: snake-whiskey-september-violet
File name:Details OF Payment.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:423'282 bytes
First seen:2021-11-02 07:14:59 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:HxzV2bZuechG0e4aFZ/jdVJ8KcIsZ7oHSH:lcbYphQ4ar/jHpsxA0
TLSH T13794231CC461C9D12A554F98B27F8BC1E8ED998E301AD40D84BB7639B42B9187B477FC
Reporter cocaman
Tags:AgentTesla zip


Avatar
cocaman
Malicious email (T1566.001)
From: "mojahadul_dal@dirdgroup.org" (likely spoofed)
Received: "from dirdgroup.org (unknown [45.137.22.49]) "
Date: "02 Nov 2021 08:14:23 +0100"
Subject: "Confirm Of Bank Details.."
Attachment: "Details OF Payment.zip"

Intelligence

File Origin
# of uploads :
1
# of downloads :
122
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.47300229.15364.UNOFFICIAL
Create hunting rule

Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
obfuscated packed
Link:
https://www.filescan.io/uploads/6180e5799982ff7c3f7a4512/reports/e39cea47-8dce-4dd2-9d43-e5a58f13eede/overview
Result
Verdict:
MALICIOUS
Link:
https://labs.inquest.net/dfi/sha256/5f15a3b22ade7014d32d883cad61f88d775903b47f439cf8c2e42f8aa389de98
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/5f15a3b22ade7014d32d883cad61f88d775903b47f439cf8c2e42f8aa389de98/
Threat name:
ByteCode-MSIL.Backdoor.NanoBot
Create hunting rule
Status:
Malicious
First seen:
2021-11-02 07:15:08 UTC
AV detection:
6 of 44 (13.64%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=l4k2hmrk3zybjuznra6k2ypyrv3vsa5up5bzz6gc4qxyvi4j32ma._file
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla collection keylogger persistence spyware stealer trojan
Link:
https://tria.ge/reports/211102-h287pabhg3/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
outlook_office_path
outlook_win_path
Suspicious use of SetThreadContext
Accesses Microsoft Outlook profiles
Adds Run key to start application
Drops file in Drivers directory
AgentTesla Payload
AgentTesla
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/5f15a3b22ade7014d32d883cad61f88d775903b47f439cf8c2e42f8aa389de98

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 5f15a3b22ade7014d32d883cad61f88d775903b47f439cf8c2e42f8aa389de98

(this sample)

AgentTesla

Executable exe fa8bd1251585ca213e829251431bb498bc6b575f96d22112f2e2bafcbe3bd13b

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 fa8bd1251585ca213e829251431bb498bc6b575f96d22112f2e2bafcbe3bd13b

Comments