MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 70f5bd6f8b02cae21fa961eaddcbb3a423d18f7df5edc08f72a0c8b0e8de0fe2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 70f5bd6f8b02cae21fa961eaddcbb3a423d18f7df5edc08f72a0c8b0e8de0fe2
SHA3-384 hash: f3795023b1006cbb6c6b39daa04f92c527d6f99839cd6705a68caf177f178680061f03358f64b0f815532879830bd20e
SHA1 hash: 6f194f63d6f311206550906ba45e96ccf5e2e7a0
MD5 hash: 301202ac0a1f0c3f5eca6b93128a111a
humanhash: winner-eighteen-grey-kilo
File name:ASEAN LOGISTICS SHIPPING ADVICE.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:348'316 bytes
First seen:2022-04-29 10:57:26 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:vX0LLgYkkRQeuqu+3IZvJy887gjJRHDkBF3n4+HXJ6HZc/xbxWqE33koq6:Mg7Bek+3Ip07KfHDIzXsAxdWqEEr6
TLSH T1F87423DA25CD6C64DCA773A8030B1DF0243B262533BF676D1375AB0872B394BB53A261
TrID 80.0% (.ZIP) ZIP compressed archive (4000/1)
20.0% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter cocaman
Tags:AgentTesla Shipping zip


Avatar
cocaman
Malicious email (T1566.001)
From: "jerry<jerry@goldenrock.cn>" (likely spoofed)
Received: "from goldenrock.cn (unknown [180.214.238.82]) "
Date: "25 Apr 2022 16:52:01 -0700"
Subject: "Re: Shipping Advice"
Attachment: "ASEAN LOGISTICS SHIPPING ADVICE.zip"

Intelligence

File Origin
# of uploads :
1
# of downloads :
160
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Scr.Malcodegdn30.1373.10871.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
fareit obfuscated packed
Link:
https://www.filescan.io/uploads/626bc4c1a796b19348fb1d14/reports/b8da8fb2-902b-4ff9-9098-02904ca147bd/overview
Result
Verdict:
MALICIOUS
Link:
https://labs.inquest.net/dfi/sha256/70f5bd6f8b02cae21fa961eaddcbb3a423d18f7df5edc08f72a0c8b0e8de0fe2
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/70f5bd6f8b02cae21fa961eaddcbb3a423d18f7df5edc08f72a0c8b0e8de0fe2/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2022-04-25 20:23:20 UTC
File Type:
Binary (Archive)
Extracted files:
7
AV detection:
26 of 42 (61.90%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=od23234lalfoeh5jmhvn3s5tuqr5dd356xw4bd3sudelb2g6b7ra._file
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla collection evasion keylogger spyware stealer trojan
Link:
https://tria.ge/reports/220429-m2tt8aefem/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
outlook_office_path
outlook_win_path
Suspicious use of SetThreadContext
Accesses Microsoft Outlook profiles
Maps connected drives based on registry
Checks BIOS information in registry
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Looks for VMWare Tools registry key
AgentTesla Payload
Looks for VirtualBox Guest Additions in registry
AgentTesla
Malware Config
C2 Extraction:
https://api.telegram.org/bot1562684159:AAF0RHsedAMUFPfvPk6IyrreCEPxQ_b3Y3g/sendDocument
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/70f5bd6f8b02cae21fa961eaddcbb3a423d18f7df5edc08f72a0c8b0e8de0fe2

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 70f5bd6f8b02cae21fa961eaddcbb3a423d18f7df5edc08f72a0c8b0e8de0fe2

(this sample)

AgentTesla

Executable exe 249e8306cc9990383459edb74ae9ecbd2abe7023a386c984d8b42adb39aa8469

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 249e8306cc9990383459edb74ae9ecbd2abe7023a386c984d8b42adb39aa8469
  
Dropping
AgentTesla

Comments