MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a0255895e262fb8e430c4e1c1cc744d73f55b27a910c113bc2cd2f232b9bf83c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a0255895e262fb8e430c4e1c1cc744d73f55b27a910c113bc2cd2f232b9bf83c
SHA3-384 hash: b63caa9f5389dbfdb3f8554409c9bf5b3554098e2c32aac6033ff6304681270bab57d069cc9d5f439b5f46f411c6e42a
SHA1 hash: 9333b596d242728b187bc270b63c7e5c44becaba
MD5 hash: 7942a6b5fd1830af2d4f9278939284c7
humanhash: rugby-golf-beryllium-lemon
File name:Shipping Documents.7Z
Download: download sample
Signature AgentTesla
Create hunting rule
File size:501'663 bytes
First seen:2022-06-03 05:52:16 UTC
Last seen:Never
File type: 7z
MIME type:application/x-rar
ssdeep 12288:R9ElFez7GAWZFZCCL9QFMlzyfOcmzCX7dW8:rhgZ/5QFMJyfOcCCXY8
TLSH T100B4235E52897F76452E227AEFF451F10E493A3B2180DEEDD0761C2AC2E005EDDB0A67
TrID 58.3% (.RAR) RAR compressed archive (v-4.x) (7000/1)
41.6% (.RAR) RAR compressed archive (gen) (5000/1)
Reporter cocaman
Tags:7z AgentTesla DHL Shipping

Intelligence

File Origin
# of uploads :
1
# of downloads :
283
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a0255895e262fb8e430c4e1c1cc744d73f55b27a910c113bc2cd2f232b9bf83c/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2022-06-02 03:20:45 UTC
File Type:
Binary (Archive)
Extracted files:
32
AV detection:
22 of 26 (84.62%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=uasvrfpcml5y4qymjyobzr2e247vlmt2segbco6czuxsgk437a6a._file
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla collection keylogger spyware stealer trojan
Link:
https://tria.ge/reports/220603-glathsaed8/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
outlook_office_path
outlook_win_path
Suspicious use of SetThreadContext
Accesses Microsoft Outlook profiles
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Drops file in Drivers directory
AgentTesla
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.54
Link:
https://yomi.yoroi.company/submissions/a0255895e262fb8e430c4e1c1cc744d73f55b27a910c113bc2cd2f232b9bf83c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

7z a0255895e262fb8e430c4e1c1cc744d73f55b27a910c113bc2cd2f232b9bf83c

(this sample)

AgentTesla

Executable exe 867307cc1e56753815fdd966d0a7275dd6e7078d333fb8d45591d09fde9dc49f

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 867307cc1e56753815fdd966d0a7275dd6e7078d333fb8d45591d09fde9dc49f
  
Dropping
AgentTesla

Comments