MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 86c623c75ae308fab4ec3ca485a838f5e5819f8dacfd0d8dfe0a6789f08ce50c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 86c623c75ae308fab4ec3ca485a838f5e5819f8dacfd0d8dfe0a6789f08ce50c
SHA3-384 hash: e481184a1d8f96b39b4a30080800c7fc06539c7c4f02badaa6234ea17bdeadc5a59c8f1de06082eae1c8f944ae4f7eaa
SHA1 hash: 443d75d228f16aa459eb7a4aebeecf243aa04ffd
MD5 hash: 6a71eab9d6772283fbab5642d90680e7
humanhash: violet-cardinal-oregon-mobile
File name:INV9854784321.Scan.pdf....iso
Download: download sample
Signature AgentTesla
Create hunting rule
File size:540'672 bytes
First seen:2021-11-09 12:37:37 UTC
Last seen:Never
File type: iso
MIME type:application/x-iso9660-image
ssdeep 6144:hmFwRM0M1G6aBvjh3Jai6XgK3is7JU619az8bE9msvb3kTA+TTMx5yosY3X7XR4J:QwRZ4GF2iZK3BczKE9msITA+Eyo
TLSH T142B4F1651AA0412ACEC96C354985ED3301622EB29BD68EA936ECDDE73FD730BD421731
Reporter cocaman
Tags:AgentTesla INVOICE iso


Avatar
cocaman
Malicious email (T1566.001)
From: "thinhnguyen27392@hotmail.com" (likely spoofed)
Received: "from hosted-by.rootlayer.net (unknown [185.222.57.242]) "
Date: "9 Nov 2021 07:21:38 +0100"
Subject: "Order# 1006847-Attached invoice"
Attachment: "INV9854784321.Scan.pdf....iso"

Intelligence

File Origin
# of uploads :
1
# of downloads :
119
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Foxhole.Iso_pdf.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.Trojan.Inject4.18950.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
obfuscated packed
Link:
https://www.filescan.io/uploads/618a6baddec3347825a06810/reports/1354aae3-dd77-4469-9218-f8580ba5e6af/overview
Result
Verdict:
MALICIOUS
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/86c623c75ae308fab4ec3ca485a838f5e5819f8dacfd0d8dfe0a6789f08ce50c/
Threat name:
Win32.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2021-11-09 12:38:08 UTC
AV detection:
14 of 45 (31.11%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=q3dchr224mepvnhmhssilkby6xsydh4nvt6q3dp6bjtyt4em4uga._file
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla keylogger spyware stealer trojan
Link:
https://tria.ge/reports/211109-pt3s9sccfp/
Behaviour
Creates scheduled task(s)
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Suspicious use of SetThreadContext
AgentTesla Payload
AgentTesla
Malware Config
C2 Extraction:
https://api.telegram.org/bot2085273929:AAF6JV5ewkDDpaql6RT-_c_zRxMTE-Bjwiw/sendDocument
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/86c623c75ae308fab4ec3ca485a838f5e5819f8dacfd0d8dfe0a6789f08ce50c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

iso 86c623c75ae308fab4ec3ca485a838f5e5819f8dacfd0d8dfe0a6789f08ce50c

(this sample)

AgentTesla

Executable exe 43f98fd0954ce20ba35a5117134425322fa2fbb7ab474709e3217dbbe94dbc60

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 43f98fd0954ce20ba35a5117134425322fa2fbb7ab474709e3217dbbe94dbc60

Comments