MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a31c19d60bbe3d06a6b544d5fea857ad62371a47216bcba7dcecb85fc2e11c93. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



AgentTesla


Vendor detections: 7



SHA256 hash: a31c19d60bbe3d06a6b544d5fea857ad62371a47216bcba7dcecb85fc2e11c93
SHA3-384 hash: 15592cbe2c637c894c1db043203965fef6fa6fa80b9407eaac4c608d602394375e317b66fe24590ad603c5c8424a94fd
SHA1 hash: aa4bf9c81235757291517154d9884b57eaa3bd4b
MD5 hash: 84613fb12f93ddb57794a8e0c6a5e194
humanhash: zebra-cup-cup-lithium
File name: Order no 091823.cab
Download: download sample
Signature: AgentTesla
File size: 10'123 bytes
First seen: 2023-09-18 06:05:28 UTC
Last seen: 2023-09-18 07:32:18 UTC
File type: zip
MIME type: application/zip
ssdeep: 192:c6hVoIJF44Jk8y8HkJAYLLigVTxusRv+xBFQpxEOx9xWsxmtxhx3xyxD+xkxXxlB:cuogOUkNEMAyjpxBRv+xBFQpxEOx9xWY
TLSH: T1E622B327B226E62149163D85D3231DCFB163EE904A6B5AC920B36CFBD742B43F24DD19
TrID: 80.0% (.ZIP) ZIP compressed archive (4000/1)
      20.0% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter: cocaman
Tags: AgentTesla cab zip


cocaman
Malicious email (T1566.001)
From: "Vijay BCL Industry <info@kolhers.com>" (likely spoofed)
Received: "from server.kolhers.com (server.kolhers.com [185.113.8.175]) "
Date: "18 Sep 2023 09:31:46 +0200"
Subject: "BCL Order no 091823"
Attachment: "Order no 091823.cab"

Intelligence


File Origin
# of uploads: 4
# of downloads: 103
Origin country: CH
File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name: Order no 091823.js
File size: 481'782 bytes
SHA256 hash: 52b61960257859701292ee8a17c51f355b7c22718721ee2e02cb117e16e617e4
MD5 hash: 0e5ed09b3b7c91463dd4f068b5e3dd81
MIME type: text/plain
Signature: AgentTesla
Vendor Threat Intelligence
Result
Verdict: Malicious
File Type: JS File - Malicious
Behaviour
BlacklistAPI detected
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: masquerade
Threat name: Script-JS.Trojan.AgentTesla
Status: Malicious
First seen: 2023-09-18 04:58:41 UTC
File Type: Binary (Archive)
Extracted files: 1
AV detection: 10 of 38 (26.32%)
Threat level: 5/5
Result
Malware family: n/a
Score: 10/10
Tags: n/a
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Checks computer location settings
Drops startup file
Blocklisted process makes network request
Malware Config
Dropper Extraction: https://uploaddeimagens.com.br/images/004/563/621/original/universo_vbs.jpeg?1690931855
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
AgentTesla
zip a31c19d60bbe3d06a6b544d5fea857ad62371a47216bcba7dcecb85fc2e11c93 (this sample)

Delivery method: Distributed via e-mail attachment
