MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 955799ac14b2af1d9b8caee1acbc5c9602872bb5143449e3cb807405f77ce835. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 6



SHA256 hash: 955799ac14b2af1d9b8caee1acbc5c9602872bb5143449e3cb807405f77ce835
SHA3-384 hash: d80f7290d4a4b261cc44767086fd8651470cbf48ec529f1344a07cdc293e6474822a9bfd240847836b4770bd35469fcb
SHA1 hash: 00719875c061d7d9a5126a6aa127b4d3a7a18032
MD5 hash: f77fb9696ca8e53fb087c7db3a2f1e6f
humanhash: twenty-mango-monkey-juliet
File name: Request For Quotation.zip
Signature: AgentTesla
File size: 971'181 bytes
First seen: 2021-08-02 06:44:29 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 24576:hyf4cK/bya41499QECxApHS2YLV+CVXlL4+3QAuLTOMvrIw4Pe2:hyf4BbP41k99VxYxVVVdVupvrK22
TLSH: T14E253346F5886DCCEA2C7DB4B98520F161BB1019803C896787A47521EBB3FF99DC1D27
Reporter: cocaman
Tags: AgentTesla DHL zip


cocaman
Malicious email (T1566.001)
From: "DHL EXPRESS<jerin.benjamin@dhl.com>" (likely spoofed)
Received: "from dhl.com (unknown [77.247.110.225])"
Date: "2 Aug 2021 07:35:43 +0200"
Subject: "Consignment-Notification: You have a parcel"
Attachment: "Request For Quotation.zip"

Intelligence


File Origin
# of uploads: 1
# of downloads: 309
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: ByteCode-MSIL.Spyware.Noon
Status: Malicious
First seen: 2021-08-02 01:01:35 UTC
File Type: Binary (Archive)
Extracted files: 135
AV detection: 7 of 46 (15.22%)
Threat level: 2/5
Result
Malware family: agenttesla
Score: 10/10
Tags: family:agenttesla keylogger spyware stealer trojan
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
AgentTesla Payload
AgentTesla
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
AgentTesla
zip 955799ac14b2af1d9b8caee1acbc5c9602872bb5143449e3cb807405f77ce835 (this sample)
Delivery method: Distributed via e-mail attachment
Dropping: AgentTesla

Comments