MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 97ee8dab766bcacf5ed38cf3717191ff078759dde11e3f48702eb371c1533a2b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 97ee8dab766bcacf5ed38cf3717191ff078759dde11e3f48702eb371c1533a2b
SHA3-384 hash: aa9510d76107a122f9528d0e7c82fe4c118173cf684753e43566f74ef3067758b4a79bbf7c9821f3f2ddb1b4a01bde40
SHA1 hash: dcb0127c3f739ba41715b1a17a069a076e177fbb
MD5 hash: 16dd94a96015805abc129d9a14f265f2
humanhash: five-nineteen-mirror-carbon
File name:LS0061321.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'313'361 bytes
First seen:2021-06-14 05:06:15 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 24576:c2hEVY1CDElG5h5wyGTh2ng+YrB3D2p0+xwGA5vBL6YqWxXmF3t+DYzJ:4YEQ6nGTwnsNKp04bSE82eu
TLSH 375533CBF122433D96E47C5476342313C5F295B9BEA78BF37D9C0A8139076896B6E40A
Reporter cocaman
Tags:AgentTesla zip


Avatar
cocaman
Malicious email (T1566.001)
From: "enquiries@kmpl.com.au" (likely spoofed)
Received: "from kmpl.com.au (unknown [209.127.189.51]) "
Date: "13 Jun 2021 14:44:59 -0700"
Subject: "New Order & Packing List"
Attachment: "LS0061321.zip"

Intelligence

File Origin
# of uploads :
1
# of downloads :
118
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.YakbeexMSIL.ZZ4.31597.27074.UNOFFICIAL
Create hunting rule

Result
Verdict:
UNKNOWN
Link:
https://labs.inquest.net/dfi/sha256/97ee8dab766bcacf5ed38cf3717191ff078759dde11e3f48702eb371c1533a2b
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/97ee8dab766bcacf5ed38cf3717191ff078759dde11e3f48702eb371c1533a2b/
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2021-06-14 05:07:08 UTC
File Type:
Binary (Archive)
Extracted files:
9
AV detection:
8 of 46 (17.39%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=s7xi3k3wnpfm6xwtrtzxc4mr74dyowo54epd6sdqf2zxdqkthivq._file
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/210614-pqep2fw21x/
Behaviour
Creates scheduled task(s)
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Suspicious use of SetThreadContext
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.54
Link:
https://yomi.yoroi.company/submissions/97ee8dab766bcacf5ed38cf3717191ff078759dde11e3f48702eb371c1533a2b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip 97ee8dab766bcacf5ed38cf3717191ff078759dde11e3f48702eb371c1533a2b

(this sample)

AgentTesla

Executable exe e6ce317d3368fb336f2d2efb78002797975ba82ba0a16869b5e2912caf5731c6

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 e6ce317d3368fb336f2d2efb78002797975ba82ba0a16869b5e2912caf5731c6

Comments