MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8956cef2ded0f77c7f61c06c800e8d2a7cb26539da78dbfad307ec143e1eee3b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8956cef2ded0f77c7f61c06c800e8d2a7cb26539da78dbfad307ec143e1eee3b
SHA3-384 hash: bbd5af065df1cd3a74e5f9d48730b94503e0f85f19086309fb4553563ca6b0cf171fc993e5955bc31396c54686e0abbb
SHA1 hash: cd7d70431103e91e5921267ac0668254ee129227
MD5 hash: c9bdfa7f83590dc6c971a11eef116a8b
humanhash: iowa-nine-bakerloo-tango
File name:CI & PL 2021 shipment for correction,pdf.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:6'169'600 bytes
First seen:2021-02-23 07:21:00 UTC
Last seen:2021-02-23 08:45:53 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'742 x AgentTesla, 19'606 x Formbook, 12'242 x SnakeKeylogger)
ssdeep 98304:m2mgYDKtH2gJm4GOHSnzKClSrHGL09axjjRe42AD76q0gxXRdaNbvc1Ws3310Leq:mDF4lSOCkrta9842AXN0KhdaBc8s33Kp
Threatray 59 similar samples on MalwareBazaar
TLSH F95623207304BB96E1271EF2C81B7510E1F9636B5571F25F28C77AEA54A3302419FBAB
Reporter abuse_ch
Tags:AgentTesla exe


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: [154.127.53.215]
Sending IP: 154.127.53.215
From: Sara<s.zennaro@omn.it>
Reply-To: bur.staten@bk.ru
Subject: Re: re: Correction
Attachment: CI PL 2021 shipment for correction,pdf.zip (contains "CI & PL 2021 shipment for correction,pdf.exe")

Intelligence

File Origin
# of uploads :
2
# of downloads :
108
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/118499/
Detection(s):
SecuriteInfo.com.Malware.AI.1636643517.14727.26252.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
DNS request
Sending a custom TCP request
Creating a window
Sending a UDP request
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
AgentTesla
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
72 / 100
Link:
https://www.joesandbox.com/analysis/614920
Signature
Hides that the sample has been downloaded from the Internet (zone.identifier)
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Yara detected AgentTesla
Yara detected AntiVM_3
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8956cef2ded0f77c7f61c06c800e8d2a7cb26539da78dbfad307ec143e1eee3b/
Threat name:
ByteCode-MSIL.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2021-02-23 07:21:16 UTC
AV detection:
10 of 47 (21.28%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=rflm54w62d3xy73bybwiadunfj6lezjz3j4nx6wta7wbipq65y5q._file
Verdict:
unknown
Similar samples:
199f078e93520f83664c2d903bd419fcd1919988b86ef2d36d2f77523dae56dd
AgentTesla
4158eda852ee2f9ccbeceed05ff97af35dac101ed395f622ba41d93ef2ddfedc
AgentTesla
5bbde3f5d6db7f3be36f4f0f08c86fd412a1c6085c5be438be7f1e9e181e3683
AgentTesla
77922c4a501aecfc8e78b5fcaa7c2ac1e97c70abc5f955407e7c72d918ce43f2
AgentTesla
8a5b53a6e1f5a39007cf25fc8a13838b345123546ca8d0360859a70179ff358e
AgentTesla
acbe0d54176227f28b98caaf141c82cc51e43a7b5797c1d3c76b01123e3f8f48
AgentTesla
b5a2fbfeb80e2e92039a23615df8b8f63f42d1331528f514b312d4946dc22607
AgentTesla
cfe1f69c2984de3f5d476db3ce45aa4d95a8137f0ff1ba07c1b0cecf15075c93
AgentTesla
df9b8b0093bdcff2dc73e2da55ea3c94cc90febcf05c4bb4edde266b3f376a55
AgentTesla
f2ae8f6f17f52a5a441b4e08441d388d499cfa75058896e7dfba8f58c92a4009
AgentTesla
+ 49 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/210223-hgmclsl3wj/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Unpacked files
SH256 hash:
8956cef2ded0f77c7f61c06c800e8d2a7cb26539da78dbfad307ec143e1eee3b
MD5 hash:
c9bdfa7f83590dc6c971a11eef116a8b
SHA1 hash:
cd7d70431103e91e5921267ac0668254ee129227
Link:
https://www.unpac.me/results/77b47286-f282-4948-8383-a2816daa3d44/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/8956cef2ded0f77c7f61c06c800e8d2a7cb26539da78dbfad307ec143e1eee3b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 0fa1bb23359cd60ec6c393705037b24e00c72846bc8c0f48dc4d412b0d39b350

AgentTesla

Executable exe 8956cef2ded0f77c7f61c06c800e8d2a7cb26539da78dbfad307ec143e1eee3b

(this sample)

  
Dropped by
MD5 c9f83092e4eec354094028a5a322b2ff
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/118499/
  
Dropped by
SHA256 0fa1bb23359cd60ec6c393705037b24e00c72846bc8c0f48dc4d412b0d39b350

Comments