MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 94cf6a006229ebd5b43fd23823b11d91f51a2ed5ddb10a285bc1d92b4f22a052. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 94cf6a006229ebd5b43fd23823b11d91f51a2ed5ddb10a285bc1d92b4f22a052
SHA3-384 hash: ca515fe0add559d7106beee9a0b488bf1a2cca6c7cf1e8c3df2c80f8655a2bbbe6751f89881792f501616f677f73638e
SHA1 hash: 28b089ef95ed317c9adaa72a477b22e257c559a2
MD5 hash: 893f9f6664c537f5d540be6d616288d7
humanhash: fillet-magazine-harry-winter
File name:MAR 2021.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:754'628 bytes
First seen:2021-04-12 13:58:40 UTC
Last seen:2021-04-12 16:25:06 UTC
File type: zip
MIME type:application/zip
ssdeep 12288:mm2KIAh79C7Di0SrolJJYRS73w+02Ut++310s4fju6x/Z04l0KJ8nU3DQvjvFFF:m/KIehC7DOolJaS73BtuP0fS61JrTQvB
TLSH CAF43391FECB77B3C4EA5E54800FC075EEB6362CE80C4D1958C49E9C5A3B85A49532BE
Reporter cocaman
Tags:AgentTesla zip


Avatar
cocaman
Malicious email (T1566.001)
From: "<tracy.hn@iiflogistics.com.vn>" (likely spoofed)
Received: "from iiflogistics.com.vn (unknown [45.137.22.109]) "
Date: "12 Apr 2021 07:20:19 -0700"
Subject: "SOA MAR 2021"
Attachment: "MAR 2021.zip"

Intelligence

File Origin
# of uploads :
2
# of downloads :
128
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.PackedNET.645.23901.3358.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Link:
https://labs.inquest.net/dfi/sha256/94cf6a006229ebd5b43fd23823b11d91f51a2ed5ddb10a285bc1d92b4f22a052
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/94cf6a006229ebd5b43fd23823b11d91f51a2ed5ddb10a285bc1d92b4f22a052/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2021-04-12 07:38:30 UTC
File Type:
Binary (Archive)
Extracted files:
17
AV detection:
23 of 47 (48.94%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=sthwuadcfhv5lnb72i4chmi5sh2rulwv3wyqukc3yhmswtzcubja._file
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla keylogger persistence spyware stealer trojan
Link:
https://tria.ge/reports/210412-f1plqwppsa/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Adds Run key to start application
Drops file in Drivers directory
AgentTesla Payload
AgentTesla
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.35
Link:
https://yomi.yoroi.company/submissions/94cf6a006229ebd5b43fd23823b11d91f51a2ed5ddb10a285bc1d92b4f22a052

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 94cf6a006229ebd5b43fd23823b11d91f51a2ed5ddb10a285bc1d92b4f22a052

(this sample)

AgentTesla

Executable exe 3a5c30055449247f22c553ec85ef739642e65e1046dac93d9ead539e2fc4fd07

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 3a5c30055449247f22c553ec85ef739642e65e1046dac93d9ead539e2fc4fd07
  
Dropping
AgentTesla

Comments