MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6d23f275f23eb59ce83d71ebbb1bce6f7023cfe8c12bdcbc05433c12ac48c176. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SHA256 hash:	6d23f275f23eb59ce83d71ebbb1bce6f7023cfe8c12bdcbc05433c12ac48c176
SHA3-384 hash:	88d807d78b5baa167e74e13594064e37753a71e59bd8d637c3defe6a9e83bec425564b7583e70dff16aff8e871c10330
SHA1 hash:	37a52a9e4be79b8feae6475539753703c6e1a322
MD5 hash:	19001d8db5889077cddc637d2b6a7e76
humanhash:	connecticut-foxtrot-zebra-eight
File name:	PB2EF396HB2Z.GZ
Download:	download sample
Signature	AgentTesla Alert Create hunting rule
File size:	9'433 bytes
First seen:	2023-06-21 11:30:26 UTC
Last seen:	2023-06-21 11:44:16 UTC
File type:	gz
MIME type:	application/x-rar
ssdeep	192:sDUcVHmV3rv/G4uZs6zjN/t7igrVgWNTCWBKjWMr3tbKscWeqAsh1ap:sJQvO4+s6VteiNiWq3t1crqAcO
TLSH	T1B412AE2231AFA87B217807FF27D48393214090E65B1446AB81E7A57FD27230DF785B2B
TrID	61.5% (.RAR) RAR compressed archive (v5.0) (8000/1) 38.4% (.RAR) RAR compressed archive (gen) (5000/1)
Reporter	cocaman
Tags:	AgentTesla gz

cocaman

Malicious email (T1566.001)
From: "Nur Fadila<equote2@venture.com.sg>" (likely spoofed)
Received: "from [141.98.10.53] (unknown [141.98.10.53]) "
Date: "21 Jun 2023 13:44:01 +0200"
Subject: "Quote Request-URGENT"
Attachment: "PB2EF396HB2Z.GZ"

Intelligence

---

File Origin

# of uploads :

2

# of downloads :

118

Origin country :

CH

File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

Relevant files 1

File name:	PB2EF396HB2Z.exe
File size:	17'920 bytes
SHA256 hash:	66c869949719a64950f5aaf24a687b04bdc73d8690264cad8861716129f3c216
MD5 hash:	c8b1d37a3da721f6f73b95294e4eef86
MIME type:	application/x-dosexec
Signature	AgentTesla

Vendor Threat Intelligence

ClamAV Detected

Detection(s):

Sanesecurity.Rogue.0hr.20230621-1234.UNOFFICIAL

Alert

Create hunting rule

FileScan.IO Malicious

Verdict:

Malicious

Threat level:

  10/10

Confidence:

100%

Link:

https://www.filescan.io/uploads/6492df7673cb23e4dbf804e9/reports/c0ab4f94-9d60-4238-b268-5b985cf51c32/overview

Hybrid Analysis Malicious

Verdict:

Malicious

Link:

https://www.hybrid-analysis.com/sample/6d23f275f23eb59ce83d71ebbb1bce6f7023cfe8c12bdcbc05433c12ac48c176

InQuest UNKNOWN

Result

Verdict:

UNKNOWN

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

CERT.PL MWDB

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/6d23f275f23eb59ce83d71ebbb1bce6f7023cfe8c12bdcbc05433c12ac48c176/

ReversingLabs TitaniumCloud Win64.Trojan.AgentTesla

Threat name:

Win64.Trojan.AgentTesla

Alert

Create hunting rule

Status:

Malicious

First seen:

2023-06-21 00:19:26 UTC

File Type:

Binary (Archive)

Extracted files:

2

AV detection:

11 of 36 (30.56%)

Threat level:

  5/5

Spamhaus Hash Blocklist Suspicious file

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=nur7e5psh22zz2b5ohv3wg6on5ycht7iyev5zpafim6bflciyf3a._file

Hatching Triage agenttesla

Result

Malware family:

agenttesla

Alert

Create hunting rule

Score:

  10/10

Tags:

family:agenttesla collection keylogger spyware stealer trojan

Link:

https://tria.ge/reports/230621-rc9atshh48/

Behaviour

Modifies system certificate store

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

outlook_office_path

outlook_win_path

Suspicious use of SetThreadContext

Accesses Microsoft Outlook profiles

AgentTesla

VirusTotal

Please note that we are no longer able to provide a coverage score for Virus Total.

YOROI YOMI Malicious File

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/6d23f275f23eb59ce83d71ebbb1bce6f7023cfe8c12bdcbc05433c12ac48c176