MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6ba8016a065bf59fd4139d72d684b0b90f882c1256d4bee681ee6e84bab17446. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6ba8016a065bf59fd4139d72d684b0b90f882c1256d4bee681ee6e84bab17446
SHA3-384 hash: 45c1b8a9aa2574438171f0e90a6ad5f2a98d9ab1ad6ed1e0634b871bf57ebdb51adfc28fdb9251177deb255641c42624
SHA1 hash: c1913cca80d8be9c26316ee450b9bcf3ea24ca59
MD5 hash: 9b2a82117289990dba47902ced3fce91
humanhash: november-kitten-india-romeo
File name:SPECIALISED SWIFT.iso
Download: download sample
Signature AgentTesla
Create hunting rule
File size:661'504 bytes
First seen:2021-06-12 05:54:25 UTC
Last seen:Never
File type: iso
MIME type:application/x-iso9660-image
ssdeep 12288:RKl4DoplA0tnkhyMe2sol51Rt4P9b3MPl1mh6uK9T2s8qaK83PC/Oyd7sY:K4DopFnkhyMeQl5OMN1mho9T6Y
TLSH 94E48CAC36507ADFC81BCD36CA681CA4EA213467571BD207A00B15ED9B1DA9BDF106F3
Reporter cocaman
Tags:AgentTesla iso SWIFT


Avatar
cocaman
Malicious email (T1566.001)
From: ""pandey Raveendra"<reply@linkedinmessages.com>" (likely spoofed)
Received: "from mail0.linkedinmessages.com (mail0.linkedinmessages.com [159.203.91.46]) "
Date: "11 Jun 2021 10:03:43 -0700"
Subject: "Fwd: FINAL BALANCE PAYMENT SWIFT COPY $.16,436.40"
Attachment: "SPECIALISED SWIFT.iso"

Intelligence

File Origin
# of uploads :
1
# of downloads :
319
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.37082059.18667.25421.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/6ba8016a065bf59fd4139d72d684b0b90f882c1256d4bee681ee6e84bab17446/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2021-06-11 14:03:58 UTC
File Type:
Binary (Archive)
Extracted files:
16
AV detection:
11 of 45 (24.44%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=nouac2qglp2z7vattvznnbfqxehyqlask3kl5zub5zxijovrorda._file
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla keylogger persistence spyware stealer trojan
Link:
https://tria.ge/reports/210612-qmbntawl8a/
Behaviour
Creates scheduled task(s)
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Suspicious use of SetThreadContext
Adds Run key to start application
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
AgentTesla Payload
AgentTesla
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/6ba8016a065bf59fd4139d72d684b0b90f882c1256d4bee681ee6e84bab17446

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

iso 6ba8016a065bf59fd4139d72d684b0b90f882c1256d4bee681ee6e84bab17446

(this sample)

AgentTesla

Executable exe 1260c526c6bc88a3c92603aa3826b6581dfd134479cf4054cbc3de3df513d4a0

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 1260c526c6bc88a3c92603aa3826b6581dfd134479cf4054cbc3de3df513d4a0
  
Dropping
AgentTesla

Comments