MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b4bdffe4d750442723727823a4efd9e0c9f048dde37c127d144e33de96c6af7b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b4bdffe4d750442723727823a4efd9e0c9f048dde37c127d144e33de96c6af7b
SHA3-384 hash: 162c1d401318268e363d22831099f4ece8dfc968e87d5c4a6266d2fba23d31fc03712ac83133cd7aee07d1bcde62ac53
SHA1 hash: 0667fb5bb2f3344dc364cd417503c6071c35c582
MD5 hash: cf8c70f20e71f91389ab45d46a7fc576
humanhash: winner-leopard-helium-diet
File name:387-3703_drw - PRODUCTION-pdf.gz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:341'574 bytes
First seen:2021-06-08 05:39:52 UTC
Last seen:2021-06-08 05:45:51 UTC
File type: gz
MIME type:application/x-rar
ssdeep 6144:XxnQVvOaoAS/Cdmo0E9JJqhi5yg4migpQkQXzQxjuCI1KOyQnJL1MYvKfM7i0W:hWGHCAZwJE45d7pQhX0nI/RJL1MsKfM4
TLSH 137423E56887BA4E9B63753DDEC5C909DC1DA9C765EC22BD6480023B4EADD2D48C3F02
Reporter cocaman
Tags:AgentTesla gz


Avatar
cocaman
Malicious email (T1566.001)
From: "Sales Department <sales.austria@aafeurope.com>" (likely spoofed)
Received: "from aafeurope.com (unknown [103.232.53.200]) "
Date: "7 Jun 2021 20:58:57 -0700"
Subject: "RFQ: Pattern quotation 5638044"
Attachment: "387-3703_drw - PRODUCTION-pdf.gz"

Intelligence

File Origin
# of uploads :
2
# of downloads :
105
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Document With Few Pages
Document contains between one and three pages of content. Most malicious documents are sparse in page count.
Document With Minimal Content
Document contains less than 1 kilobyte of semantic information.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b4bdffe4d750442723727823a4efd9e0c9f048dde37c127d144e33de96c6af7b/
Threat name:
ByteCode-MSIL.Trojan.ZmutzyPong
Create hunting rule
Status:
Malicious
First seen:
2021-06-08 02:30:38 UTC
File Type:
Binary (Archive)
Extracted files:
15
AV detection:
7 of 47 (14.89%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ws677zgxkbccoi3spar2j36z4de7asg54n6be7iujyz55fwgv55q._file
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla keylogger persistence spyware stealer trojan
Link:
https://tria.ge/reports/210608-7myqz86gd2/
Behaviour
Checks processor information in registry
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/b4bdffe4d750442723727823a4efd9e0c9f048dde37c127d144e33de96c6af7b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

gz b4bdffe4d750442723727823a4efd9e0c9f048dde37c127d144e33de96c6af7b

(this sample)

AgentTesla

Executable exe 26740b15b4664067de325f0e66367cc06ca60b28c19effdb460ff4d2c0d9b06f

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 26740b15b4664067de325f0e66367cc06ca60b28c19effdb460ff4d2c0d9b06f
  
Dropping
AgentTesla
  
Dropping
SHA256 f098e53c80317b4283d87afd905a6cab7f17d7471c2e6ecee5f35f0f8f07528c

Comments