MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7b6e793102058d786cd54fcdaa3633a91083e5b3d358c95e7d17e199723894a2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7b6e793102058d786cd54fcdaa3633a91083e5b3d358c95e7d17e199723894a2
SHA3-384 hash: 33c629c54ba510e2d47cd078036f2387e32d660f505bff15f152ee3cde784e1b2b97da2e0ebbc760dd6ba524a932e3c7
SHA1 hash: 3fcc260f3397da042557743f3e7ca575ad483598
MD5 hash: 7c8f50e56e1bcbd6c79b5e4ea379cfab
humanhash: pip-eleven-tango-jupiter
File name:specifications.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:793'883 bytes
First seen:2021-04-27 09:14:48 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 24576:3dTW+jj2JHcEl1F/qWh6OSl0jHYhBQU8yLB4bc3j:NK+2JHPl1FCWh6OSW8hBV8yLkGj
TLSH 2DF423FCDC0BF8ED70740DA15B84E359BDB857090568CA99475BEFBDC2369A8860A132
Reporter cocaman
Tags:AgentTesla zip


Avatar
cocaman
Malicious email (T1566.001)
From: "UT Technologies Pte Ltd <info@gac.com>" (likely spoofed)
Received: "from gac.com (unknown [103.138.109.241]) "
Date: "27 Apr 2021 00:46:33 -0700"
Subject: "URGENT INQUIRY"
Attachment: "specifications.zip"

Intelligence

File Origin
# of uploads :
1
# of downloads :
112
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Foxhole.Zip_fs1485.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Link:
https://labs.inquest.net/dfi/sha256/7b6e793102058d786cd54fcdaa3633a91083e5b3d358c95e7d17e199723894a2
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/7b6e793102058d786cd54fcdaa3633a91083e5b3d358c95e7d17e199723894a2/
Threat name:
Win32.Trojan.Bulz
Create hunting rule
Status:
Malicious
First seen:
2021-04-27 07:54:00 UTC
File Type:
Binary (Archive)
Extracted files:
27
AV detection:
10 of 44 (22.73%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=pnxhsmicawgxq3gvj7g2unrtveiihznt2nmmsxt5c7qzs4ryssra._file
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla keylogger persistence spyware stealer trojan
Link:
https://tria.ge/reports/210427-15x6wqqs4x/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Adds Run key to start application
AgentTesla Payload
AgentTesla
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.35
Link:
https://yomi.yoroi.company/submissions/7b6e793102058d786cd54fcdaa3633a91083e5b3d358c95e7d17e199723894a2

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 7b6e793102058d786cd54fcdaa3633a91083e5b3d358c95e7d17e199723894a2

(this sample)

AgentTesla

Executable exe 3fc4ff06cc1b0592f61858e379655b271eb7c4ae1f94953b93d314d673b83e87

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 3fc4ff06cc1b0592f61858e379655b271eb7c4ae1f94953b93d314d673b83e87
  
Dropping
AgentTesla

Comments