MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9a059d35098dc5e2b45c2a47e3122dea0e4cdd82623601dcb4cf89f47a19d4a6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 6


Intelligence 6 IOCs YARA 8 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9a059d35098dc5e2b45c2a47e3122dea0e4cdd82623601dcb4cf89f47a19d4a6
SHA3-384 hash: b63f87d0b208829fdfbdd4e2c17caebb30fb9769a68ab71af63e8a55b17539310b0feb242a1412d07e745d3397fea77a
SHA1 hash: bb81ec7651e8fed05378dbe90a15004f8a0b6243
MD5 hash: e477d5f46a387f3e420d451325b88b49
humanhash: mountain-princess-mountain-blossom
File name:Wire Transfer 11-25-23 In The Amount Of $17,069.94 Outgoing To.tar.001
Download: download sample
Signature AgentTesla
Create hunting rule
File size:975'872 bytes
First seen:2023-11-27 08:14:32 UTC
Last seen:Never
File type: tar
MIME type:application/x-tar
ssdeep 24576:zCtPudv9fNd1Emnoo3BqAnmD9mpByq7M1l3:WkPjvnRpnmD9MU
TLSH T1C025D04135A486D6E47F23F3B42E941007F12CAE57A2E34E8FD236EA55A3BD10567B0B
TrID 62.9% (.TAR/GTAR) TAR - Tape ARchive (GNU) (17/3)
37.0% (.TAR) TAR - Tape ARchive (file) (10/3)
Reporter cocaman
Tags:001 AgentTesla tar


Avatar
cocaman
Malicious email (T1566.001)
From: ""Huyen Trinh" <huyentrinh@viettien.com.vn>" (likely spoofed)
Received: "from viettien.com.vn (unknown [91.92.241.3]) "
Date: "26 Nov 2023 22:29:30 -0800"
Subject: "**URGENT** Re: Checking on our refund bulk order TX23-630"
Attachment: "Wire Transfer 11-25-23 In The Amount Of $17,069.94 Outgoing To.tar.001"

Intelligence

File Origin
# of uploads :
1
# of downloads :
97
Origin country :
CH CH
File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name:Wire Transfer 11-25-23 In The Amount Of $17,069.94 Outgoing To.exe
File size:974'336 bytes
SHA256 hash: aafed148376c7e9484eedc5d71e361bdd7f8b2228d4f713eb68fbda4ce376f2e
MD5 hash: 4bb84bbd25b4ffd69ec7009c3ba787ea
MIME type:application/x-dosexec
Signature AgentTesla
Vendor Threat Intelligence
Detection(s):
Porcupine.Malware.58887.UNOFFICIAL
Create hunting rule

Gathering data
Verdict:
Malicious
Labled as:
Mal/DrodTar
Link:
https://www.hybrid-analysis.com/sample/9a059d35098dc5e2b45c2a47e3122dea0e4cdd82623601dcb4cf89f47a19d4a6
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/9a059d35098dc5e2b45c2a47e3122dea0e4cdd82623601dcb4cf89f47a19d4a6/
Threat name:
ByteCode-MSIL.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2023-11-27 04:31:28 UTC
File Type:
Binary (Archive)
Extracted files:
44
AV detection:
9 of 37 (24.32%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ticz2nijrxc6fnc4fjd6gern5ihezxmcmi3adxfuz6e7i6qz2sta._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/9a059d35098dc5e2b45c2a47e3122dea0e4cdd82623601dcb4cf89f47a19d4a6

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:AgentTesla_DIFF_Common_Strings_01
Create hunting rule
Author:schmidtsz
Description:Identify partial Agent Tesla strings
Rule name:NET
Create hunting rule
Author:malware-lu
Rule name:NETexecutableMicrosoft
Create hunting rule
Author:malware-lu
Rule name:pe_imphash
Create hunting rule
Rule name:Skystars_Malware_Imphash
Create hunting rule
Author:Skystars LightDefender
Description:imphash

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

tar 9a059d35098dc5e2b45c2a47e3122dea0e4cdd82623601dcb4cf89f47a19d4a6

(this sample)

AgentTesla

Executable exe aafed148376c7e9484eedc5d71e361bdd7f8b2228d4f713eb68fbda4ce376f2e

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 aafed148376c7e9484eedc5d71e361bdd7f8b2228d4f713eb68fbda4ce376f2e
  
Dropping
AgentTesla
  
Dropping
MD5 4bb84bbd25b4ffd69ec7009c3ba787ea

Comments