MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a0eee785ad7362d359cc120ee9ec1455fac3e713a5f7912eee64c163e2223a48. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a0eee785ad7362d359cc120ee9ec1455fac3e713a5f7912eee64c163e2223a48
SHA3-384 hash: e76c11fc96af9bb3ed9ab02c6c6f123feca5e00a6db1b37ad474ce5cacb0a358710c0a579ab8d5280cd053aeca1602ae
SHA1 hash: d4c1df8310836d4dc62fef06462f024496a5448c
MD5 hash: af07804be156bc522ae4a2f0dbd04ffe
humanhash: fifteen-sodium-cardinal-nevada
File name:Cotización.vbs
Download: download sample
Signature AgentTesla
Create hunting rule
File size:326'520 bytes
First seen:2023-07-08 08:24:15 UTC
Last seen:Never
File type:Visual Basic Script (vbs) vbs
MIME type:text/plain
ssdeep 192:xqK5c6S0jjuQjjarGkEudzptZEygbKjreYSikjjjjZutYzK1pGt6ZZZSpqxagSTU:xqK5QNp3ngqxXSYZ2Ur
Threatray 4'654 similar samples on MalwareBazaar
TLSH T1AA64E2033199CCE5A1D17A63419BFD348BF77AD9963E527440CC4A0D5BC2A9C8C8ABE3
TrID 66.6% (.TXT) Text - UTF-16 (LE) encoded (2000/1)
33.3% (.MP3) MP3 audio (1000/1)
Reporter abuse_ch
Tags:AgentTesla vbs

Intelligence

File Origin
# of uploads :
1
# of downloads :
115
Origin country :
NL NL
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/411455/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.68031681.26864.1866.UNOFFICIAL
Create hunting rule

Gathering data
Verdict:
Malicious
Labled as:
Trojan.Script.VBS
Link:
https://www.hybrid-analysis.com/sample/a0eee785ad7362d359cc120ee9ec1455fac3e713a5f7912eee64c163e2223a48
Result
Verdict:
MALICIOUS
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a0eee785ad7362d359cc120ee9ec1455fac3e713a5f7912eee64c163e2223a48/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2023-07-07 09:02:03 UTC
File Type:
Text (VBS)
AV detection:
5 of 37 (13.51%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=udxopbnnonrngwomcihot3aukx5mhzytux3zclxomtawhyrchjea._file
Verdict:
malicious
Label(s):
agenttesla
Create hunting rule
Similar samples:
1d0cf9a5e034371075cf0a328d98c53f4eeb74325d61ee956222346ebb1f5497
AgentTesla
3bf7b7244aaf94354649a6fcecee9add95d2e4768e8d60fb342202801ab16139
AgentTesla
53e575805dc9d69c41f366e65946a7d4adf051f322f463f70e9b2f80d50450cb
AgentTesla
5ab22e56eeec62218a25df2b827421b501188978e80fa4ec531479d38ea3f5f2
AgentTesla
750899c839d771db1fa926991742dcc08e9afb03af983d646876e173789fb4ba
AgentTesla
bdc3b394b6fa647e13f3b728786c14a58e44af9f174563550a7bab578303d1c8
AgentTesla
cd917c86fe27ecd3feeca690377817bce1f4034830e6d68a19dbffc8c61e97bb
AgentTesla
cf28022edef1f38d7876a22e54d670a17ad7a663fe6d630f8b4e33638d6ef539
AgentTesla
+ 4'644 additional samples on MalwareBazaar
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla collection keylogger spyware stealer trojan
Link:
https://tria.ge/reports/230708-kbamjsda96/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
outlook_office_path
outlook_win_path
Enumerates physical storage devices
Suspicious use of SetThreadContext
Accesses Microsoft Outlook profiles
Checks computer location settings
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Blocklisted process makes network request
AgentTesla
Malware Config
Dropper Extraction:
http://cryptersandtools.minhacasa.tv/e/e
Malware family:
AgentTesla.v4
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/a0eee785ad73/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
AgentTesla
Score:
0.90
Link:
https://yomi.yoroi.company/submissions/a0eee785ad7362d359cc120ee9ec1455fac3e713a5f7912eee64c163e2223a48

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/411455/

Comments