MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a36c5b4ff43dd3b73a70cbc1c7b264d87d10c3f8bb3d7c533219d83e0575b306. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AgentTesla

Vendor detections: 6



SHA256 hash: a36c5b4ff43dd3b73a70cbc1c7b264d87d10c3f8bb3d7c533219d83e0575b306
SHA3-384 hash: 4ccb2b39b6044a5cee7a749684442ed592261f6c42864fe8dbfed1f96bfb7926f37fd6a1ed70c8b7cc2e2b6a9601dbb2
SHA1 hash: 657dddc713998d9c39395831ea0b4b5c88daa2fb
MD5 hash: 46b162068fa8d477d31a1a89bfa90b87
humanhash: lamp-michigan-zulu-arizona
File name: Invoice.7z
Signature: AgentTesla
File size: 1'019'201 bytes
First seen: 2021-04-16 19:13:39 UTC
Last seen: Never
File type: 7z
MIME type: application/x-7z-compressed
ssdeep: 24576:kQs5uQEEqoGYpROiOKwo8RNsZy7IjDXeLtcqnkQwz+T4:E5lLqoHaiOKwo8RNsZy7MXAtxrwz+T4
TLSH: 8C25334A14638EE1E15B6CF83B5D1887E454F93C30CACBADA11F8E5AAD34DD51A30D2B
Reporter: GovCERT_CH
Tags: AgentTesla

Intelligence

File Origin
# of uploads: 1
# of downloads: 108
Origin country: n/a
Vendor Threat Intelligence

Result
Verdict: MALICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: ByteCode-MSIL.Trojan.Taskun
Status: Malicious
First seen: 2021-04-16 19:14:16 UTC
AV detection: 15 of 28 (53.57%)
Threat level: 5/5

Result
Malware family: agenttesla
Score: 10/10
Tags: family:agenttesla keylogger persistence spyware stealer trojan
Behaviour
Creates scheduled task(s)
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Suspicious use of SetThreadContext
Adds Run key to start application
Drops file in Drivers directory
AgentTesla Payload
AgentTesla
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  AgentTesla
    7z a36c5b4ff43dd3b73a70cbc1c7b264d87d10c3f8bb3d7c533219d83e0575b306 (this sample)

Dropped by: AgentTesla
Delivery method: Distributed via e-mail attachment
