MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 77270d353b8a6cafeafa79d7ed10d460c9c546b54e9fd75084426b897b1288f0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 77270d353b8a6cafeafa79d7ed10d460c9c546b54e9fd75084426b897b1288f0
SHA3-384 hash: 61d28f4510f6449f356df4dcf9437be966d36899d69ad9327bb6419daf6f9b010de1d9feb8cb9c681ec2c91d73d17e8e
SHA1 hash: 4378665ce68a6ac7ab8ed2b5893e1c29c7c87f62
MD5 hash: 59baf13ff7f20041f9c1bb37d654e36f
humanhash: bravo-winter-oven-double
File name:T20009002.LZH
Download: download sample
Signature AgentTesla
Create hunting rule
File size:222'364 bytes
First seen:2021-07-15 05:35:07 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:KQVuPNjXwrt0VnUp+eQO7M5cF29oJCuxP:KdPNTw50JWL7Sck9obP
TLSH T1AD24237B7D738839CB70E9EBC5C68A74C8F8A65D7D8B44168397A6874D3808F64B0853
Reporter cocaman
Tags:AgentTesla INVOICE lzh zip


Avatar
cocaman
Malicious email (T1566.001)
From: "thinhnguyen27392@hotmail.com" (likely spoofed)
Received: "from hosted-by.rootlayer.net (unknown [185.222.58.136]) "
Date: "15 Jul 2021 13:05:42 +0800"
Subject: "INVOICE#090000"
Attachment: "T20009002.LZH"

Intelligence

File Origin
# of uploads :
1
# of downloads :
156
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Zum.Androm.1.20641.5671.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Link:
https://labs.inquest.net/dfi/sha256/77270d353b8a6cafeafa79d7ed10d460c9c546b54e9fd75084426b897b1288f0
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/77270d353b8a6cafeafa79d7ed10d460c9c546b54e9fd75084426b897b1288f0/
Threat name:
Win32.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2021-07-15 05:36:06 UTC
File Type:
Binary (Archive)
Extracted files:
3
AV detection:
8 of 46 (17.39%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=o4tq2nj3rjwk72x2phl62egumde4krvvj2p5oueeijvys6ysrdya._file
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/210715-h3emhd4hk2/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Suspicious use of SetThreadContext
Looks up external IP address via web service
Loads dropped DLL
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/77270d353b8a6cafeafa79d7ed10d460c9c546b54e9fd75084426b897b1288f0

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 77270d353b8a6cafeafa79d7ed10d460c9c546b54e9fd75084426b897b1288f0

(this sample)

AgentTesla

Executable exe 7959429fb1fa4b3ff3f628eae0fe1efd7d373eb42f6c6ef1e68b5fb4a6d9d67e

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 7959429fb1fa4b3ff3f628eae0fe1efd7d373eb42f6c6ef1e68b5fb4a6d9d67e

Comments