MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b52f299806a5675bfb28fd4fede61e47f059b161c4313cecb953c2167cbe219c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b52f299806a5675bfb28fd4fede61e47f059b161c4313cecb953c2167cbe219c
SHA3-384 hash: 92a24698b2d1aec4e94173c1ec82c70225e1536acf3b315c86d2b711f89ebfcd76131e1e47980c955f0808c65b875122
SHA1 hash: b0154deacc97f11da92e708ea3d52ce90477dc69
MD5 hash: a7bdf26f06494e26a8ac90d73103780e
humanhash: purple-diet-helium-failed
File name:KYC INQUIRY 14-01.cab
Download: download sample
Signature AgentTesla
Create hunting rule
File size:443'460 bytes
First seen:2022-01-14 15:16:03 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:bVwuKoSi4cf5lVxWxI2KXOt92HhowBYEasCAfRCUEWO0ZFdi4g+s3Ge1G+C2oz2W:b33Swf5F2wX9BYL7vUfZSf+cl7c
TLSH T149942308879C3D33D126C75694E71DA7DAC3A8FD9762BA8F32BF649E7389445210284F
Reporter cocaman
Tags:AgentTesla cab rar


Avatar
cocaman
Malicious email (T1566.001)
From: "KYC Office Annex <info@huber-hof.it>" (likely spoofed)
Received: "from nsb.dd3.firma5.com (nsa.dd3.firma5.com [84.19.175.227]) "
Date: "Fri, 14 Jan 2022 05:11:18 -0800"
Subject: "KYC Inquiry for 14-01"
Attachment: "KYC INQUIRY 14-01.cab"

Intelligence

File Origin
# of uploads :
1
# of downloads :
414
Origin country :
n/a
Vendor Threat Intelligence
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
control.exe obfuscated packed
Link:
https://www.filescan.io/uploads/61e193bfe997359713eced59/reports/97169976-a5e4-44ff-a75a-cb7ea26965b3/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b52f299806a5675bfb28fd4fede61e47f059b161c4313cecb953c2167cbe219c/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2022-01-14 15:16:27 UTC
File Type:
Binary (Archive)
Extracted files:
10
AV detection:
7 of 43 (16.28%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=wuxstgaguvtvx6zi7vh63zq6i7yftmlbyqytz3fzkpbbm7f6egoa._file
Result
Malware family:
agenttesla
Create hunting rule
Score:
  10/10
Tags:
family:agenttesla collection keylogger spyware stealer trojan
Link:
https://tria.ge/reports/220114-snjpzsghc2/
Behaviour
Checks processor information in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
outlook_office_path
outlook_win_path
Suspicious use of SetThreadContext
Accesses Microsoft Outlook profiles
Reads data files stored by FTP clients
Reads user/profile data of local email clients
Reads user/profile data of web browsers
AgentTesla Payload
AgentTesla
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/b52f299806a5675bfb28fd4fede61e47f059b161c4313cecb953c2167cbe219c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

rar b52f299806a5675bfb28fd4fede61e47f059b161c4313cecb953c2167cbe219c

(this sample)

AgentTesla

Executable exe 77743ead6e13c024db3534a837c669ee3c4fbaac2320bbf937fbe5e58de4a3b3

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 77743ead6e13c024db3534a837c669ee3c4fbaac2320bbf937fbe5e58de4a3b3

Comments