MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 61561a41dc8d1f14e6f5c06a9f11f882f23e832977fe2166aad57d572a7f052f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 61561a41dc8d1f14e6f5c06a9f11f882f23e832977fe2166aad57d572a7f052f
SHA3-384 hash: b906fc76cd6dccd63863bbfede7deb5feb31a62557270c710faf59e0b72b9b6b3a783f644cec8140efb54df83012b84c
SHA1 hash: 2793c1c5c6dea36e06ddf680d26b7602fd87edeb
MD5 hash: af2a125db76371f00afc06424c60dd77
humanhash: early-fourteen-oscar-colorado
File name:RFQ Inquiry 322716990-988927347478.pdf.gz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:208'314 bytes
First seen:2021-07-12 05:35:58 UTC
Last seen:Never
File type: gz
MIME type:application/gzip
ssdeep 6144:TdGhTeuwnpxInBiH+PKiTsWrYITNYc4rSXOSAlaZK:TdwEnpKi2KM/xYc4XSAuK
TLSH T1621412E64BFB1DD36C1C309361AC97E814DD8BCB466E3D29E931CDD2A84705E9AF8114
Reporter cocaman
Tags:AgentTesla gz


Avatar
cocaman
Malicious email (T1566.001)
From: "Muhammad Tahir Ashraf <aalmirco.llc@rambler.ru>" (likely spoofed)
Received: "from ptjasaci.verio.com (mail.castleasia.com [64.150.160.67]) "
Date: "Mon, 12 Jul 2021 08:31:40 +0700"
Subject: "RFQ Inquiry 32271699012-988927347478"
Attachment: "RFQ Inquiry 322716990-988927347478.pdf.gz"

Intelligence

File Origin
# of uploads :
1
# of downloads :
127
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Gen.Variant.Jaik.46770.14411.28841.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/61561a41dc8d1f14e6f5c06a9f11f882f23e832977fe2166aad57d572a7f052f/
Threat name:
Win32.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2021-07-12 02:08:34 UTC
File Type:
Binary (Archive)
Extracted files:
4
AV detection:
14 of 46 (30.43%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=mflbuqo4ruprjzxvybvj6epyqlzd5azjo77cczvk2v6vokt7auxq._file
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla keylogger spyware stealer trojan
Link:
https://tria.ge/reports/210712-v6m8r7rpce/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Suspicious use of SetThreadContext
Loads dropped DLL
AgentTesla Payload
AgentTesla
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
AgentTesla
Score:
0.90
Link:
https://yomi.yoroi.company/submissions/61561a41dc8d1f14e6f5c06a9f11f882f23e832977fe2166aad57d572a7f052f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz 61561a41dc8d1f14e6f5c06a9f11f882f23e832977fe2166aad57d572a7f052f

(this sample)

AgentTesla

Executable exe 34d51de5f6c433888504bd7b61cf58b92647599b80ba2aef103e58c4f6567e41

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 34d51de5f6c433888504bd7b61cf58b92647599b80ba2aef103e58c4f6567e41
  
Dropping
AgentTesla

Comments