MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 808ce24418cea7459e141edcd115d0b51067c575d24c8176dd192e4a6c80e51e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	808ce24418cea7459e141edcd115d0b51067c575d24c8176dd192e4a6c80e51e
SHA3-384 hash:	702e80b4ac77960c2476ef31fedf8a4282b7ec434aad57005c78a83222b0188e781d2f92ed7b84b49a518b16fec7eaf8
SHA1 hash:	a09ee2a3f69f7cb5f4237541e6e4ed916041ea1f
MD5 hash:	25d7e1505f336023fdf327ec29f319be
humanhash:	north-utah-pennsylvania-quiet
File name:	Bunker Form 1.zip
Download:	download sample
Signature	AgentTesla Create hunting rule
File size:	777'727 bytes
First seen:	2021-04-30 06:33:49 UTC
Last seen:	2021-04-30 07:04:23 UTC
File type:	zip
MIME type:	application/zip
ssdeep	12288:2qhtwVxlU6kXy5zr5EM/WdbdA2peIMVIiDtSNGuUtbrSs0M7kL+:2qou6kXy1r5E6iWbVtDtS0uYbrTsL+
TLSH	37F423D428E27DFB4136D8590B820FC29AFCE1E91184164E8799477FE47E273C6B2B61
Reporter	GovCERT_CH

Intelligence

File Origin

# of uploads :

2

# of downloads :

91

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Trojan.PackedNET.688-1.UNOFFICIAL

Result

Verdict:

MALICIOUS

Link:

https://labs.inquest.net/dfi/sha256/808ce24418cea7459e141edcd115d0b51067c575d24c8176dd192e4a6c80e51e

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/808ce24418cea7459e141edcd115d0b51067c575d24c8176dd192e4a6c80e51e/

Threat name:

Win32.Trojan.AgentTesla

Status:

Malicious

First seen:

2021-04-30 00:07:07 UTC

AV detection:

14 of 47 (29.79%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=qcgoerayz2tulhqud3oncfoqwuigprlv2jgic5w5dexeu3ea4upa._file

Result

Malware family:

agenttesla

Score:

10/10

Tags:

family:agenttesla keylogger spyware stealer trojan

Link:

https://tria.ge/reports/210430-1bcqyhteba/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Suspicious use of SetThreadContext

AgentTesla Payload

AgentTesla

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

AgentTesla

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/808ce24418cea7459e141edcd115d0b51067c575d24c8176dd192e4a6c80e51e

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

zip 808ce24418cea7459e141edcd115d0b51067c575d24c8176dd192e4a6c80e51e

(this sample)

exe 9bc1b60515f614f9830515fe1cfdfc042522256ce84befe0719ed1ecafe5fd07

Delivery method

Distributed via e-mail attachment

Dropping

SHA256 9bc1b60515f614f9830515fe1cfdfc042522256ce84befe0719ed1ecafe5fd07

Dropping

MD5 965b8f34a079715dc15b7a5aa8d4ebb9

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample