MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 97aaba632d39849eeec9ed33b679ef4641db0579a73aab64c4944f194763950f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 97aaba632d39849eeec9ed33b679ef4641db0579a73aab64c4944f194763950f
SHA3-384 hash: 95058e5ba5d6f8a2eedf7bb8c04776d73861cbc869455623019a5dd9df5a87d80ff6f1040a3cf9d5079288a651d8d976
SHA1 hash: e684502b696185a177b63f93d107a6d9844ef8c4
MD5 hash: 20a0c9a3206e37f988f7cbbeea3ce379
humanhash: vegan-november-purple-red
File name:FW RE TEXGEEK INVOICE & PACKING LIST - SCAN & SOFT COPY.PDF.gz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:508'456 bytes
First seen:2021-04-30 12:45:37 UTC
Last seen:2021-04-30 13:01:25 UTC
File type: gz
MIME type:application/x-rar
ssdeep 12288:9KEYL4zaVtmwWl1p2+vOF9LFGvOJJ9oMkG0hXJqW8H/s:lYi+Gl1p2BF9JG2zknhZ+H0
TLSH 57B423D810C4FC87D34661540A3773B710DE2A5B391E43E5ABB35E5B3A2972F468CBA8
Reporter cocaman
Tags:AgentTesla gz INVOICE


Avatar
cocaman
Malicious email (T1566.001)
From: "=?UTF-8?Q?BESMED-=E7=86=8A=E7=AD=A0?= <sales@besmed.com>" (likely spoofed)
Received: "from vps.chomga.com (slot0.chomga.com [185.121.120.135]) "
Date: "Fri, 30 Apr 2021 01:58:56 -0700"
Subject: "RE: QUOTE NEW ORDER- SCAN & SOFT COPY/ CDRL W-18 BAL QTY-560 PCS##"
Attachment: "FW RE TEXGEEK INVOICE & PACKING LIST - SCAN & SOFT COPY.PDF.gz"

Intelligence

File Origin
# of uploads :
2
# of downloads :
95
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/97aaba632d39849eeec9ed33b679ef4641db0579a73aab64c4944f194763950f/
Threat name:
Win32.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2021-04-30 12:46:16 UTC
File Type:
Binary (Archive)
Extracted files:
18
AV detection:
7 of 47 (14.89%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=s6vluyznhgcj53wj5uz3m6ppiza5wblzu45kwzgesrhrsr3dsuhq._file
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla keylogger spyware stealer trojan
Link:
https://tria.ge/reports/210430-b8wm7b9t5n/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
AgentTesla Payload
AgentTesla
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
0.81
Link:
https://yomi.yoroi.company/submissions/97aaba632d39849eeec9ed33b679ef4641db0579a73aab64c4944f194763950f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz 97aaba632d39849eeec9ed33b679ef4641db0579a73aab64c4944f194763950f

(this sample)

AgentTesla

Executable exe afd6bafa6a8d82e932299d940a71eb03ce9c9f01e1818589500af3ea59c6cebc

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 afd6bafa6a8d82e932299d940a71eb03ce9c9f01e1818589500af3ea59c6cebc
  
Dropping
AgentTesla

Comments