MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b073bf9d94fea099eec7dd8c4aa9ad0cdf44b3108453b0bcaf14dd5f533a90f7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b073bf9d94fea099eec7dd8c4aa9ad0cdf44b3108453b0bcaf14dd5f533a90f7
SHA3-384 hash: 58266a73965100c81cc2890491579e8b1d434271fc3465711872e5c37d22372ed4238c8a370c19f7d5d12ee1c91037bb
SHA1 hash: ebbc1ea5a106025ee7f2b4ad1828f2a274db3517
MD5 hash: 5c80d25f219bd46a61bdd8f22f73d0e0
humanhash: potato-edward-twenty-earth
File name:SHIPPING DOCUMENTS.zip
Download: download sample
Signature AgentTesla
Create hunting rule
File size:441'204 bytes
First seen:2023-01-24 07:31:40 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:mJGJwjlCVZgAT5EfZBgWv9AEPU2aaEmBalihilv21cIJ+DhjZxy2J5HQ:mAJ1ZvEfbgw9AEPURnmBzglv1hVpJe
TLSH T15494235A555D0E68134AB527F24883A6831BF9DFFBE179E4BC0B062C884FAD20663774
TrID 80.0% (.ZIP) ZIP compressed archive (4000/1)
20.0% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter cocaman
Tags:AgentTesla Shipping zip


Avatar
cocaman
Malicious email (T1566.001)
From: "<evabouncell@gmail.com>" (likely spoofed)
Received: "from hosted-by.rootlayer.net (unknown [45.137.22.186]) "
Date: "23 Jan 2023 19:18:56 +0100"
Subject: "RE: Shipment Docs"
Attachment: "SHIPPING DOCUMENTS.zip"

Intelligence

File Origin
# of uploads :
1
# of downloads :
92
Origin country :
n/a
File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name:SHIPPING DOCUMENTS.exe
File size:466'944 bytes
SHA256 hash: 4795e398d5dce733ecb352580be08b33ae668684856a5cf34a8cc21fa303c60e
MD5 hash: 246e9024db816f3d85af6f7744d64db4
MIME type:application/x-dosexec
Signature AgentTesla
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Foxhole.Zip_fs789.UNOFFICIAL
Create hunting rule

Result
Verdict:
Unknown
File Type:
PE File
Link:
https://app.docguard.net/b073bf9d94fea099eec7dd8c4aa9ad0cdf44b3108453b0bcaf14dd5f533a90f7/results/dashboard
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
cerbu packed vidar
Link:
https://www.filescan.io/uploads/63cf897396add6d1cf484e03/reports/dde97eba-0c4e-4f25-a1f1-0dbb130df022/overview
Result
Verdict:
MALICIOUS
Link:
https://labs.inquest.net/dfi/sha256/b073bf9d94fea099eec7dd8c4aa9ad0cdf44b3108453b0bcaf14dd5f533a90f7
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b073bf9d94fea099eec7dd8c4aa9ad0cdf44b3108453b0bcaf14dd5f533a90f7/
Gathering data
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=wbz37hmu72qjt3wh3wgevknnbtpujmyqqrj3bpfpctov6uz2sd3q._file
Result
Malware family:
n/a
Score:
  7/10
Tags:
collection
Link:
https://tria.ge/reports/230124-jdhv9sbd61/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
outlook_office_path
outlook_win_path
Suspicious use of SetThreadContext
Accesses Microsoft Outlook profiles
Uses the VBS compiler for execution
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
0.81
Link:
https://yomi.yoroi.company/submissions/b073bf9d94fea099eec7dd8c4aa9ad0cdf44b3108453b0bcaf14dd5f533a90f7

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

zip b073bf9d94fea099eec7dd8c4aa9ad0cdf44b3108453b0bcaf14dd5f533a90f7

(this sample)

AgentTesla

Executable exe 4795e398d5dce733ecb352580be08b33ae668684856a5cf34a8cc21fa303c60e

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 4795e398d5dce733ecb352580be08b33ae668684856a5cf34a8cc21fa303c60e
  
Dropping
AgentTesla

Comments