MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6d54d3e4524a80426dff0a58f81a3848a6134dff13b4fff65abda706ddb54c20. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 5

SHA256 hash: 6d54d3e4524a80426dff0a58f81a3848a6134dff13b4fff65abda706ddb54c20
SHA3-384 hash: 5637e0f68dabf4d6af67a71ef21fee2e64e1f210a269aa3feea01a04d3e092d6c889c26d22e530ed69df7978e02e4165
SHA1 hash: 0f04347968ad70cee88f7f30eef11ae239aaf65f
MD5 hash: 30afa5ef47ad71f43a7eebece150be6d
humanhash: steak-gee-oven-fanta
File name: New PO.pdf.'.zip
Signature: AgentTesla
File size: 586'556 bytes
First seen: 2021-04-19 14:51:56 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:c2Qznptr1qBbF8IefEcMzlFOt451V96Wq1ox8iobliS5RWBr8EACO6lcIIU:Ynptc1FkMdo+LDGvAFW/COhlU
TLSH: D7C4231B7FB4FD221D658F380B6BD805A0B15C2327A569BF13D269FCF25DCA12225453
Reporter: GovCERT_CH

Intelligence

File Origin
# of uploads: 1
# of downloads: 66
Origin country: n/a
Vendor Threat Intelligence

Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Malware family: agenttesla
Score: 10/10
Tags: family:agenttesla keylogger persistence spyware stealer trojan
Behaviour
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Adds Run key to start application
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Drops file in Drivers directory
AgentTesla Payload
AgentTesla
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
AgentTesla
zip 6d54d3e4524a80426dff0a58f81a3848a6134dff13b4fff65abda706ddb54c20 (this sample)

Delivery method: Distributed via e-mail attachment
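The entry gives an analyst two things to act on: a set of file hashes to match incoming attachments against, and the fact that a zip archive carrying a "New PO.pdf.'.zip" style double-extension name was delivering a Windows PE executable. The following Python triage helper is an added example, not MalwareBazaar's own code: it hashes an attachment with the same four algorithms listed above (SHA256, SHA1, MD5, SHA3-384) and compares them against the IOCs from this entry, then opens the archive and flags members whose first two bytes are the PE "MZ" magic or whose name hides a document extension before the real one. The zip it builds for its own run is constructed in memory with a fake MZ stub; it is not the real sample, so the hash match is expected to fail on it.

```python
"""Triage an e-mail attachment against the MalwareBazaar entry above (added example)."""
import hashlib
import io
import json
import zipfile

# IOC hashes copied from this database entry (SHA256 6d54d3e4...).
KNOWN_HASHES = {
    "sha256": "6d54d3e4524a80426dff0a58f81a3848a6134dff13b4fff65abda706ddb54c20",
    "sha1": "0f04347968ad70cee88f7f30eef11ae239aaf65f",
    "md5": "30afa5ef47ad71f43a7eebece150be6d",
    "sha3_384": "5637e0f68dabf4d6af67a71ef21fee2e64e1f210a269aa3feea01a04d3e092d6c889c26d22e530ed69df7978e02e4165",
}

# Document-looking extensions commonly placed before the real extension in lures.
# This list is an assumption for the example, not something the entry states.
LURE_EXTENSIONS = {"pdf", "doc", "docx", "xls", "xlsx", "ppt", "pptx", "jpg", "png", "txt"}


def hash_bytes(data: bytes) -> dict:
    """Return the four digests used by the entry, lowercase hex, keyed like KNOWN_HASHES."""
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "md5": hashlib.md5(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def matches_known_sample(data: bytes) -> bool:
    """True only if every listed digest matches; one algorithm alone is not enough."""
    return hash_bytes(data) == KNOWN_HASHES


def is_double_extension(name: str) -> bool:
    """Flag names such as 'New PO.pdf.exe' or 'New PO.pdf.'.zip'.

    A lure extension sitting in any non-final dot segment (after the base name)
    counts; 'report.pdf' and 'archive.tar.gz' do not.
    """
    base = name.lower().rsplit("/", 1)[-1]
    segments = base.split(".")
    if len(segments) < 3:
        return False
    return any(seg in LURE_EXTENSIONS for seg in segments[1:-1])


def inspect_zip(data: bytes) -> list:
    """Describe each archive member: name, size, PE magic present, deceptive name."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                head = fh.read(2)  # only the magic bytes are needed for the PE check
            findings.append({
                "name": info.filename,
                "size": info.file_size,
                "is_pe": head == b"MZ",
                "double_extension": is_double_extension(info.filename),
            })
    return findings


def triage(attachment_name: str, data: bytes) -> dict:
    """Combine IOC matching with structural checks on the attachment."""
    result = {
        "name": attachment_name,
        "known_sample": matches_known_sample(data),
        "double_extension": is_double_extension(attachment_name),
        "members": [],
    }
    if zipfile.is_zipfile(io.BytesIO(data)):
        result["members"] = inspect_zip(data)
    result["contains_pe"] = any(m["is_pe"] for m in result["members"])
    return result


def build_sample_zip() -> bytes:
    """Constructed test input: a zip holding a fake MZ stub. Not the real sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("New PO.pdf.exe", b"MZ" + b"\x00" * 62 + b"placeholder, not a real PE")
        zf.writestr("readme.txt", b"harmless text")
    return buf.getvalue()


if __name__ == "__main__":
    # Run against the constructed archive; on a real attachment pass its bytes instead.
    print(json.dumps(triage("New PO.pdf.'.zip", build_sample_zip()), indent=2))
```

Requiring all four digests to match is deliberate: a single MD5 or SHA1 hit against a public IOC feed is weak evidence on its own, while a full SHA256 and SHA3-384 match identifies this exact upload. The structural checks are what catch the next re-packed variant of the same lure, which will have different hashes but the same shape.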
