MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 962e36cc88a95881f13c4a22c40ec59d6a0a4dfb0427357995ed2605dffa5a33. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 962e36cc88a95881f13c4a22c40ec59d6a0a4dfb0427357995ed2605dffa5a33
SHA3-384 hash: 63df0720a155310b5943d4354ceee4e4474e99ede0d35e5c9866aa070ddf15d100e60f788eb28fc90a99ee7d71e50a70
SHA1 hash: b5ba18fb40a95824e4acad4548c3dd3264dd4b0e
MD5 hash: b0fb3dea178fd74c406a275776421735
humanhash: robert-earth-river-blossom
File name:Lebanon Khayat Trading Company.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:663'051 bytes
First seen:2021-06-25 06:44:37 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:G1jVEU2T6xFFHdsuo7DKc86nn6NjiGBbEGdFJJiT1ge8oec5Fog+c:wjc6xFtKFvb8u6NjzQexiTyXqFoBc
TLSH 89E423FEA017D0D2930E4296C0453D36FF12CAD6FED0EB7C4EA6E921A9147C997A4890
Reporter cocaman
Tags:AgentTesla zip


Avatar
cocaman
Malicious email (T1566.001)
From: "<sklep@fgb.club>" (likely spoofed)
Received: "from fgb.club (unknown [45.137.22.36]) "
Date: "24 Jun 2021 22:56:46 -0700"
Subject: "RE: New Order"
Attachment: "Lebanon Khayat Trading Company.zip"

Intelligence

File Origin
# of uploads :
1
# of downloads :
166
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.MSIL.Kryptik.VFR-1.UNOFFICIAL
Create hunting rule

Sanesecurity.Rogue.0hr.20210625-0304.UNOFFICIAL
Create hunting rule

Result
Verdict:
UNKNOWN
Link:
https://labs.inquest.net/dfi/sha256/962e36cc88a95881f13c4a22c40ec59d6a0a4dfb0427357995ed2605dffa5a33
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/962e36cc88a95881f13c4a22c40ec59d6a0a4dfb0427357995ed2605dffa5a33/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2021-06-25 03:36:44 UTC
AV detection:
8 of 46 (17.39%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=syxdnteivfmid4j4jirmidwftvvautp3aqttk6mv5utalx72lizq._file
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla keylogger persistence spyware stealer trojan
Link:
https://tria.ge/reports/210625-6rt9qvnmrj/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Adds Run key to start application
Drops file in Drivers directory
AgentTesla Payload
AgentTesla
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/962e36cc88a95881f13c4a22c40ec59d6a0a4dfb0427357995ed2605dffa5a33

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 962e36cc88a95881f13c4a22c40ec59d6a0a4dfb0427357995ed2605dffa5a33

(this sample)

AgentTesla

Executable exe 8e2bb2559f12546065c58e1ce777b8b1ef27179466f64443afcfb0ad4ec1628f

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 8e2bb2559f12546065c58e1ce777b8b1ef27179466f64443afcfb0ad4ec1628f

Comments